CRITICAL🇬🇧 English

CVE-2017-5135

CVSS 9.1v3.0pub. 2017-04-27upd. 2026-05-13

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Technicolor Dpc3928sl

    HW
    Technicolor
    wszystkie wersje
  • Technicolor Dpc3928sl Firmware

    OS
    Technicolor
    d3928sl-p15-13-a386-c3420r55105-160127a
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-20439CRITICAL9.8ten sam produkt

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-F...

CVE-2018-20393CRITICAL9.8ten sam produkt

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SK...

CVE-2018-20379MEDIUM4.7ten sam produkt

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injectio...

CVE-2020-10376CRITICAL9.8ten sam vendor

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the netw...

CVE-2019-19495CRITICAL9.8ten sam vendor

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote a...