9.8

CVE-2018-20398

Exploit
Skyworth CM5100 V1.1.0, CM5100-440 V1.2.1, CM5100-511 4.1.0.14, CM5100-GHD00 V1.2.2, and CM5100.g2 4.1.0.17 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SkyworthdigitalCm5100 Firmware Version1.1.0
   SkyworthdigitalCm5100 Version2.1
SkyworthdigitalCm5100-440 Firmware Version1.2.1
   SkyworthdigitalCm5100-440 Version2.1
SkyworthdigitalCm5100-511 Firmware Version4.1.0.14
   SkyworthdigitalCm5100-511 Version1.1
SkyworthdigitalCm5100-ghd00 Firmware Version1.2.2
   SkyworthdigitalCm5100-ghd00 Version2.1
SkyworthdigitalCm5100.G2 Firmware Version4.1.0.17
   SkyworthdigitalCm5100.G2 Version5.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.