Details of VAR-201812-0773

ID

VAR-201812-0773

CVE

CVE-2018-20442

TITLE

Technicolor TC7110.B Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013578

DESCRIPTION

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. Technicolor TC7110.B The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor TC7110.B is a cable modem from Technicolor Group. Technicolor TC7110.B STC8.62.02 has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20442 // JVNDB: JVNDB-2018-013578 // CNVD: CNVD-2019-42724 // VULHUB: VHN-131249

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42724

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7110.b	scope:	eq	version:	stc8.62.02	Trust: 2.4
vendor:	technicolor	model:	tc7110.b stc8.62.02	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42724 // JVNDB: JVNDB-2018-013578 // CNNVD: CNNVD-201812-1115 // NVD: CVE-2018-20442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20442
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20442
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42724
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1115
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131249
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20442
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42724
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131249
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20442
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42724 // VULHUB: VHN-131249 // JVNDB: JVNDB-2018-013578 // CNNVD: CNNVD-201812-1115 // NVD: CVE-2018-20442

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131249 // JVNDB: JVNDB-2018-013578 // NVD: CVE-2018-20442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1115

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013578

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013578

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20442	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013578	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1115	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42724	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131249	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42724 // VULHUB: VHN-131249 // JVNDB: JVNDB-2018-013578 // CNNVD: CNNVD-201812-1115 // NVD: CVE-2018-20442

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20442	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20442	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42724 // VULHUB: VHN-131249 // JVNDB: JVNDB-2018-013578 // CNNVD: CNNVD-201812-1115 // NVD: CVE-2018-20442

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42724
db:	VULHUB	id:	VHN-131249
db:	JVNDB	id:	JVNDB-2018-013578
db:	CNNVD	id:	CNNVD-201812-1115
db:	NVD	id:	CVE-2018-20442

LAST UPDATE DATE

2025-01-30T22:07:29.834000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42724	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131249	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013578	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1115	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20442	date:	2024-11-21T04:01:29.643

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42724	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131249	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013578	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1115	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20442	date:	2018-12-25T15:29:00.727