Vulnerabilities > CVE-2017-5135 - SNMP Authentication Bypass vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
Exploit-Db
| description | Technicolor DPC3928SL - SNMP Authentication Bypass. CVE-2017-5135. Remote exploit for Hardware platform |
| id | EDB-ID:43384 |
| last seen | 2017-12-21 |
| modified | 2017-05-05 |
| published | 2017-05-05 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43384/ |
| title | Technicolor DPC3928SL - SNMP Authentication Bypass |