Details of VAR-201812-0739

ID

VAR-201812-0739

CVE

CVE-2018-20439

TITLE

Technicolor DPC3928SL Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013582

DESCRIPTION

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. Technicolor DPC3928SL The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor DPC3928SL is a cable modem of the French Technicolor Group. Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a version has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20439 // JVNDB: JVNDB-2018-013582 // CNVD: CNVD-2019-42718 // VULHUB: VHN-131245

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42718

AFFECTED PRODUCTS

vendor:	technicolor	model:	dpc3928sl	scope:	eq	version:	d3928sl-psip-13-a010-c3420r55105-170214a	Trust: 2.4
vendor:	technicolor	model:	dpc3928sl d3928sl-psip-13-a010-c3420r55105-170214a	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42718 // JVNDB: JVNDB-2018-013582 // CNNVD: CNNVD-201812-1112 // NVD: CVE-2018-20439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20439
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20439
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42718
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1112
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131245
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20439
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42718
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131245
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20439
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42718 // VULHUB: VHN-131245 // JVNDB: JVNDB-2018-013582 // CNNVD: CNNVD-201812-1112 // NVD: CVE-2018-20439

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131245 // JVNDB: JVNDB-2018-013582 // NVD: CVE-2018-20439

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1112

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1112

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013582

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013582

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20439	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013582	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1112	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42718	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131245	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42718 // VULHUB: VHN-131245 // JVNDB: JVNDB-2018-013582 // CNNVD: CNNVD-201812-1112 // NVD: CVE-2018-20439

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20439	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20439	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42718 // VULHUB: VHN-131245 // JVNDB: JVNDB-2018-013582 // CNNVD: CNNVD-201812-1112 // NVD: CVE-2018-20439

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42718
db:	VULHUB	id:	VHN-131245
db:	JVNDB	id:	JVNDB-2018-013582
db:	CNNVD	id:	CNNVD-201812-1112
db:	NVD	id:	CVE-2018-20439

LAST UPDATE DATE

2025-01-30T20:47:20.183000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42718	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131245	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013582	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1112	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20439	date:	2024-11-21T04:01:29.227

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42718	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131245	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013582	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1112	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20439	date:	2018-12-25T15:29:00.553