Vulnerabilities > CVE-2017-5135 - Unspecified vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
technicolor
critical
exploit available

Summary

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

Exploit-Db

descriptionTechnicolor DPC3928SL - SNMP Authentication Bypass. CVE-2017-5135. Remote exploit for Hardware platform
idEDB-ID:43384
last seen2017-12-21
modified2017-05-05
published2017-05-05
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/43384/
titleTechnicolor DPC3928SL - SNMP Authentication Bypass