Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE network
low complexity
technicolor
critical
exploit available
Published: 2017-04-27
Updated: 2019-10-03
Summary
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
Vulnerable Configurations
Exploit-Db
description | Technicolor DPC3928SL - SNMP Authentication Bypass. CVE-2017-5135. Remote exploit for Hardware platform |
id | EDB-ID:43384 |
last seen | 2017-12-21 |
modified | 2017-05-05 |
published | 2017-05-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43384/ |
title | Technicolor DPC3928SL - SNMP Authentication Bypass |