Details of VAR-201812-0740

ID

VAR-201812-0740

CVE

CVE-2018-20440

TITLE

Technicolor CWA0101 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013576

DESCRIPTION

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. Technicolor CWA0101 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor CWA0101 is a cable modem of the French Technicolor Group. Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC version has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20440 // JVNDB: JVNDB-2018-013576 // CNVD: CNVD-2019-42717 // VULHUB: VHN-131247

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42717

AFFECTED PRODUCTS

vendor:	technicolor	model:	cwa0101	scope:	eq	version:	cwa0101e-a23e-c7000r5712-170315-skc	Trust: 2.4
vendor:	technicolor	model:	cwa0101 e-a23e-c7000r5712-170315-skc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42717 // JVNDB: JVNDB-2018-013576 // CNNVD: CNNVD-201812-1113 // NVD: CVE-2018-20440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20440
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20440
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42717
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1113
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131247
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20440
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42717
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131247
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20440
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42717 // VULHUB: VHN-131247 // JVNDB: JVNDB-2018-013576 // CNNVD: CNNVD-201812-1113 // NVD: CVE-2018-20440

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131247 // JVNDB: JVNDB-2018-013576 // NVD: CVE-2018-20440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1113

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1113

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013576

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013576

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20440	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013576	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1113	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42717	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131247	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42717 // VULHUB: VHN-131247 // JVNDB: JVNDB-2018-013576 // CNNVD: CNNVD-201812-1113 // NVD: CVE-2018-20440

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20440	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20440	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42717 // VULHUB: VHN-131247 // JVNDB: JVNDB-2018-013576 // CNNVD: CNNVD-201812-1113 // NVD: CVE-2018-20440

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42717
db:	VULHUB	id:	VHN-131247
db:	JVNDB	id:	JVNDB-2018-013576
db:	CNNVD	id:	CNNVD-201812-1113
db:	NVD	id:	CVE-2018-20440

LAST UPDATE DATE

2025-01-30T20:22:09.042000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42717	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131247	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013576	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1113	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20440	date:	2024-11-21T04:01:29.363

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42717	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131247	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013576	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1113	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20440	date:	2018-12-25T15:29:00.600