Vulnerability Details CVE-2018-20383
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Products affected by CVE-2018-20383
-
cpe:2.3:h:commscope:arris_dg950s:3.0
-
cpe:2.3:o:arris:dg950s_firmware:7.10.145.euro
-
cpe:2.3:o:commscope:arris_dg950a:3.0
-
cpe:2.3:o:commscope:arris_dg950a_firmware:7.10.145