Details of VAR-201812-0775

ID

VAR-201812-0775

CVE

CVE-2018-20444

TITLE

Technicolor CGA0111 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013580

DESCRIPTION

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. Technicolor CGA0111 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Technicolor CGA0111 is a cable modem of the French Technicolor Group. Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2018-20444 // JVNDB: JVNDB-2018-013580 // CNVD: CNVD-2019-42722 // VULHUB: VHN-131251

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42722

AFFECTED PRODUCTS

vendor:	technicolor	model:	cga0111	scope:	eq	version:	cga0111e-es-13-e23e-c8000r5712-170217-0829-tru	Trust: 2.4
vendor:	technicolor	model:	cga0111 e-es-13-e23e-c8000r5712-170217-0829-tru	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-42722 // JVNDB: JVNDB-2018-013580 // CNNVD: CNNVD-201812-1117 // NVD: CVE-2018-20444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20444
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20444
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-42722
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-1117
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131251
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20444
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-42722
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-131251
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20444
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-42722 // VULHUB: VHN-131251 // JVNDB: JVNDB-2018-013580 // CNNVD: CNNVD-201812-1117 // NVD: CVE-2018-20444

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131251 // JVNDB: JVNDB-2018-013580 // NVD: CVE-2018-20444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1117

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1117

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013580

PATCH

title:

Top Page

url:

https://www.technicolor.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013580

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20444	Trust: 3.2
db:	JVNDB	id:	JVNDB-2018-013580	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1117	Trust: 0.7
db:	CNVD	id:	CNVD-2019-42722	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULHUB	id:	VHN-131251	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42722 // VULHUB: VHN-131251 // JVNDB: JVNDB-2018-013580 // CNNVD: CNNVD-201812-1117 // NVD: CVE-2018-20444

REFERENCES

url:	https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20444	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20444	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-42722 // VULHUB: VHN-131251 // JVNDB: JVNDB-2018-013580 // CNNVD: CNNVD-201812-1117 // NVD: CVE-2018-20444

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2019-42722
db:	VULHUB	id:	VHN-131251
db:	JVNDB	id:	JVNDB-2018-013580
db:	CNNVD	id:	CNNVD-201812-1117
db:	NVD	id:	CVE-2018-20444

LAST UPDATE DATE

2025-01-30T22:22:36.288000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-42722	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131251	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013580	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1117	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20444	date:	2024-11-21T04:01:29.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-42722	date:	2019-11-28T00:00:00
db:	VULHUB	id:	VHN-131251	date:	2018-12-25T00:00:00
db:	JVNDB	id:	JVNDB-2018-013580	date:	2019-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1117	date:	2018-12-26T00:00:00
db:	NVD	id:	CVE-2018-20444	date:	2018-12-25T15:29:00.787