CVE-2018-20393

Name: CVE-2018-20393
Creator: NVD / NIST
Published: 2018-12-23T21:29:01.09+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.60%

Last modified Jun 17, 2026

CVE-2018-20393 is a vulnerability of currently unknown severity. Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.. EPSS estimates a 1.60% chance of exploitation in the next 30 days.

Description

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Metrics

EPSS Probability

1.60%

72.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Technicolor	Cga0111 Firmware	cga0111e-es-13-e23e-c8000r5712-170217-0829-tru
Technicolor	Cga0101 Firmware	cwa0101e-a23e-c7000r5712-170315-skc
Technicolor	Dpc3928sl Firmware	d3928sl-psip-13-a010-c3420r55105-170214a
Technicolor	Tc7110.Ar Firmware	std3.38.03
Technicolor	Tc7110.B Firmware	stc8.62.02
Technicolor	Tc7110.D Firmware	stdb.79.02
Technicolor	Tc7200.D1i Firmware	tc7200.d1ie-n23e-c7000r5712-170406-hat
Technicolor	Tc7200.Th2v2.D1i Firmware	sc05.00.22

References

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlExploit, Third Party Advisory
https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlExploit, Third Party Advisory

Timeline

Published: Dec 23, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-20393?

How severe is CVE-2018-20393?

Severity scoring for CVE-2018-20393 is pending analysis. The EPSS model estimates a 1.60% probability of exploitation in the next 30 days.

How do I fix CVE-2018-20393?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-20393?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST