Back to CVE Browser

CVE-2018-20396

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1010%

EPSS Percentile21.38th

PublishedDec 23, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Affected Platforms (CPE)

💻

Telaum

Ming2120j Firmware

= 5.76.1006c

💻

Telaum

Ming6300 Firmware

= 5.83.6305jrc2

References & Advisories

🔗 https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

🔗 https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

🔗 https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

🔗 https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Related Vulnerabilities

CVE-2018-100065210.0

JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosur...

CVE-2018-1051110.0

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request for...

CVE-2018-377410.0

Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, ...

CVE-2018-100064410.0

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files...