Details of VAR-201812-0741

ID

VAR-201812-0741

CVE

CVE-2018-20441

TITLE

Technicolor TC7200.TH2v2 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013577

DESCRIPTION

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. Technicolor TC7200.TH2v2 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor TC7200.TH2v2 is a cable modem of the French Technicolor Group. Technicolor TC7200.TH2v2 SC05.00.22 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20441 // JVNDB: JVNDB-2018-013577 // CNVD: CNVD-2019-42725 // VULHUB: VHN-131248

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42725

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7200.th2v2	scope:	eq	version:	sc05.00.22	Trust: 2.4
vendor:	technicolor	model:	tc7200.th2v2 sc05.00.22	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42725 // JVNDB: JVNDB-2018-013577 // CNNVD: CNNVD-201812-1114 // NVD: CVE-2018-20441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20441
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20441
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42725
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1114
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131248
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20441
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42725
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131248
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20441
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42725 // VULHUB: VHN-131248 // JVNDB: JVNDB-2018-013577 // CNNVD: CNNVD-201812-1114 // NVD: CVE-2018-20441

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131248 // JVNDB: JVNDB-2018-013577 // NVD: CVE-2018-20441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1114

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1114

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013577

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013577

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20441	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013577	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1114	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42725	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131248	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42725 // VULHUB: VHN-131248 // JVNDB: JVNDB-2018-013577 // CNNVD: CNNVD-201812-1114 // NVD: CVE-2018-20441

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20441	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20441	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42725 // VULHUB: VHN-131248 // JVNDB: JVNDB-2018-013577 // CNNVD: CNNVD-201812-1114 // NVD: CVE-2018-20441

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42725
db:	VULHUB	id:	VHN-131248
db:	JVNDB	id:	JVNDB-2018-013577
db:	CNNVD	id:	CNNVD-201812-1114
db:	NVD	id:	CVE-2018-20441

LAST UPDATE DATE

2025-01-30T21:28:04.793000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42725	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131248	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013577	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1114	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20441	date:	2024-11-21T04:01:29.503

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42725	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131248	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013577	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1114	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20441	date:	2018-12-25T15:29:00.677