Technicolor DPC3928SL CVE-2017-5135 SNMP Authentication Bypass Vulnerability

Technicolor DPC3928SL is prone to an authentication-bypass vulnerability.

Exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.

Technicolor DPC3928SL firmware version D3928SL-P15-13-A386-c3420r55105-160127a is vulnerable; other devices are also affected.

Information

Bugtraq ID: 98092
Class: Access Validation Error
CVE: CVE-2017-5135

Remote: Yes
Local: No
Published: Apr 04 2017 12:00AM
Updated: Apr 04 2017 12:00AM
Credit: Ezequiel Fernandez (Argentina) and Bertin Bervis (Costa Rica).
Vulnerable: Technicolor DPC3928SL D3928SL-P15-13-A386-

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

Technicolor Homepage (Technicolor)
CVE 2017-5135 SNMP authentication bypass (stringbleed.github.io) (netsec)
StringBleed PAPER ( CVE 2017-5135 ) (stringbleed)
StringBleed-CVE-2017-5135 (github)

Source: www.securityfocus.com

Exploit Collector

Search Exploit