Details of VAR-201812-0774

ID

VAR-201812-0774

CVE

CVE-2018-20443

TITLE

Technicolor TC7200.d1I Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013579

DESCRIPTION

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. Technicolor TC7200.d1I The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor TC7200.d1I is a cable modem of the French Technicolor Group. Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20443 // JVNDB: JVNDB-2018-013579 // CNVD: CNVD-2019-42723 // VULHUB: VHN-131250

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42723

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7200.d1i	scope:	eq	version:	tc7200.d1ie-n23e-c7000r5712-170406-hat	Trust: 2.4
vendor:	technicolor	model:	tc7200.d1i e-n23e-c7000r5712-170406-hat	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42723 // JVNDB: JVNDB-2018-013579 // CNNVD: CNNVD-201812-1116 // NVD: CVE-2018-20443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20443
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20443
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42723
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1116
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131250
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20443
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42723
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131250
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20443
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42723 // VULHUB: VHN-131250 // JVNDB: JVNDB-2018-013579 // CNNVD: CNNVD-201812-1116 // NVD: CVE-2018-20443

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131250 // JVNDB: JVNDB-2018-013579 // NVD: CVE-2018-20443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1116

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1116

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013579

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013579

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20443	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013579	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1116	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42723	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131250	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42723 // VULHUB: VHN-131250 // JVNDB: JVNDB-2018-013579 // CNNVD: CNNVD-201812-1116 // NVD: CVE-2018-20443

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20443	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20443	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42723 // VULHUB: VHN-131250 // JVNDB: JVNDB-2018-013579 // CNNVD: CNNVD-201812-1116 // NVD: CVE-2018-20443

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42723
db:	VULHUB	id:	VHN-131250
db:	JVNDB	id:	JVNDB-2018-013579
db:	CNNVD	id:	CNNVD-201812-1116
db:	NVD	id:	CVE-2018-20443

LAST UPDATE DATE

2025-01-30T22:39:18.133000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42723	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131250	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013579	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1116	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20443	date:	2024-11-21T04:01:29.777

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42723	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131250	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013579	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1116	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20443	date:	2018-12-25T15:29:00.757