Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-20393

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Dec, 2018 | 21:00
Updated At-16 Sep, 2024 | 18:12
Rejected At-
Credits

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Dec, 2018 | 21:00
Updated At:16 Sep, 2024 | 18:12
Rejected At:
â–¼CVE Numbering Authority (CNA)

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
x_refsource_MISC
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
x_refsource_MISC
Hyperlink: https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
Resource:
x_refsource_MISC
Hyperlink: https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
x_refsource_MISC
x_transferred
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Dec, 2018 | 21:29
Updated At:24 Aug, 2020 | 17:37

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
technicolor
technicolor
>>cga0111_firmware>>cga0111e-es-13-e23e-c8000r5712-170217-0829-tru
cpe:2.3:o:technicolor:cga0111_firmware:cga0111e-es-13-e23e-c8000r5712-170217-0829-tru:*:*:*:*:*:*:*
technicolor
technicolor
>>cga0111>>1.0
cpe:2.3:h:technicolor:cga0111:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>cga0101_firmware>>cwa0101e-a23e-c7000r5712-170315-skc
cpe:2.3:o:technicolor:cga0101_firmware:cwa0101e-a23e-c7000r5712-170315-skc:*:*:*:*:*:*:*
technicolor
technicolor
>>cga0101>>1.0
cpe:2.3:h:technicolor:cga0101:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>dpc3928sl_firmware>>d3928sl-psip-13-a010-c3420r55105-170214a
cpe:2.3:o:technicolor:dpc3928sl_firmware:d3928sl-psip-13-a010-c3420r55105-170214a:*:*:*:*:*:*:*
technicolor
technicolor
>>dpc3928sl>>1.0
cpe:2.3:h:technicolor:dpc3928sl:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.ar_firmware>>std3.38.03
cpe:2.3:o:technicolor:tc7110.ar_firmware:std3.38.03:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.ar>>1.0
cpe:2.3:h:technicolor:tc7110.ar:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.b_firmware>>stc8.62.02
cpe:2.3:o:technicolor:tc7110.b_firmware:stc8.62.02:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.b>>2.0
cpe:2.3:h:technicolor:tc7110.b:2.0:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.d_firmware>>stdb.79.02
cpe:2.3:o:technicolor:tc7110.d_firmware:stdb.79.02:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7110.d>>1.0
cpe:2.3:h:technicolor:tc7110.d:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7200.d1i_firmware>>tc7200.d1ie-n23e-c7000r5712-170406-hat
cpe:2.3:o:technicolor:tc7200.d1i_firmware:tc7200.d1ie-n23e-c7000r5712-170406-hat:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7200.d1i>>1.0
cpe:2.3:h:technicolor:tc7200.d1i:1.0:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7200.th2v2.d1i_firmware>>sc05.00.22
cpe:2.3:o:technicolor:tc7200.th2v2.d1i_firmware:sc05.00.22:*:*:*:*:*:*:*
technicolor
technicolor
>>tc7200.th2v2.d1i>>01.00
cpe:2.3:h:technicolor:tc7200.th2v2.d1i:01.00:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvcve@mitre.org
Third Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlcve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

13Records found
CVE-2017-14127
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.51% / 94.25%
||
7 Day CHG~0.00%
Published-04 Sep, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

Action-Not Available
Vendor-technicolorn/a
Product-td5336_firmwaretd5336n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-10376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 13:35
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.

Action-Not Available
Vendor-technicolorn/a
Product-tc7337net_firmwaretc7337netn/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2014-1677
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.05% / 96.50%
||
7 Day CHG~0.00%
Published-03 Apr, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200tc7200_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-20441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.87%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.th2v2tc7200.th2v2_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.94%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 21:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cga0111_firmwarecga0111n/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20442
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.87%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7110.b_firmwaretc7110.bn/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.94%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-dpc3928sldpc3928sl_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.87%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7110.artc7110.ar_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.63% / 70.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-dpc2320_firmwaredpc2320n/a
CVE-2018-20394
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 70.75%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 21:00
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-twg870twg870_firmwaredwg855_firmwaredwg850-4_firmwaredwg855dwg850-4dwg849dwg849_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.87%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-cwa0101cwa0101_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2018-20443
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 64.87%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 15:00
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

Action-Not Available
Vendor-technicolorn/a
Product-tc7200.d1itc7200.d1i_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-11449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 58.12%
||
7 Day CHG~0.00%
Published-01 Apr, 2020 | 14:17
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.

Action-Not Available
Vendor-technicolorn/a
Product-tc7337tc7337_firmwaren/a
CWE ID-CWE-522
Insufficiently Protected Credentials
Details not found