CVE-2017-5135
Summary
| CVE | CVE-2017-5135 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-27 15:59:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Technicolor | Dpc3928sl | - | All | All | All |
| Hardware | Technicolor | Dpc3928sl | - | All | All | All |
| Operating System | Technicolor | Dpc3928sl Firmware | d3928sl-p15-13-a386-c3420r55105-160127a | All | All | All |
| Operating System | Technicolor | Dpc3928sl Firmware | d3928sl-p15-13-a386-c3420r55105-160127a | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| StringBleed | MISC | stringbleed.github.io | Technical Description, Third Party Advisory |
| CVE 2017-5135 SNMP authentication bypass : netsec | MISC | www.reddit.com | Press/Media Coverage, Third Party Advisory |
| Technicolor DPC3928SL CVE-2017-5135 SNMP Authentication Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.