Find a vulnerability
Search criteria
1 vulnerability found for dwg850-4 by technicolor
VAR-201812-0686
Vulnerability from variot - Updated: 2024-11-23 22:21Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Thomson Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Thomson DWG849 etc. are all modem products. A security vulnerability exists in several Thomson products. The following products and versions are affected: Thomson DWG849 STC version 0.01.16; DWG850-4 ST9C.05.25 version; DWG855 ST80.20.26 version; TWG870 STB version 2.01.36
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwg849",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "stc0.01.16"
},
{
"model": "dwg850-4",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "st9c.05.25"
},
{
"model": "dwg855",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "st80.20.26"
},
{
"model": "twg870",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "stb2.01.36"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:technicolor:dwg849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:technicolor:dwg850-4_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:technicolor:dwg855_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:technicolor:twg870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
}
]
},
"cve": "CVE-2018-20394",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20394",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-131196",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20394",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20394",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-20394",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1052",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-131196",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-20394",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. plural Thomson Product devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Thomson DWG849 etc. are all modem products. A security vulnerability exists in several Thomson products. The following products and versions are affected: Thomson DWG849 STC version 0.01.16; DWG850-4 ST9C.05.25 version; DWG855 ST80.20.26 version; TWG870 STB version 2.01.36",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "VULMON",
"id": "CVE-2018-20394"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20394",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-131196",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-20394",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"id": "VAR-201812-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-131196"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:21:52.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.technicolor.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv"
},
{
"trust": 1.8,
"url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20394"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20394"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-131196"
},
{
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-131196"
},
{
"date": "2018-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"date": "2019-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"date": "2018-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"date": "2018-12-23T21:29:01.153000",
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-131196"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20394"
},
{
"date": "2019-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013739"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1052"
},
{
"date": "2024-11-21T04:01:23.907000",
"db": "NVD",
"id": "CVE-2018-20394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Thomson Vulnerabilities related to certificate and password management in product devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013739"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1052"
}
],
"trust": 0.6
}
}