CVE-2017-5135

Name: CVE-2017-5135
Creator: NVD / NIST
Published: 2017-04-27T15:59:00.15+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 17.40%

Last modified Jun 17, 2026

CVE-2017-5135 is a vulnerability of currently unknown severity. Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. EPSS estimates a 17.40% chance of exploitation in the next 30 days.

Description

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

Metrics

EPSS Probability

17.40%

96.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Technicolor	Dpc3928sl Firmware	d3928sl-p15-13-a386-c3420r55105-160127a

References

http://www.securityfocus.com/bid/98092Third Party Advisory, VDB Entry
https://stringbleed.github.io/Technical Description, Third Party Advisory
https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/Press/Media Coverage, Third Party Advisory
http://www.securityfocus.com/bid/98092Third Party Advisory, VDB Entry
https://stringbleed.github.io/Technical Description, Third Party Advisory
https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/Press/Media Coverage, Third Party Advisory

Timeline

Published: Apr 27, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5135?

How severe is CVE-2017-5135?

Severity scoring for CVE-2017-5135 is pending analysis. The EPSS model estimates a 17.40% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5135?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5135?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST