K22494544: SNMP Incorrect Access Control vulnerability CVE-2017-5135

Security Advisory Description Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from th...

Technicolor DPC3928SL - SNMP Authentication Bypass Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/python -- coding: utf-8 -- StringBleed - CVE-2017-5135 author = "Nixawk" funcs = 'generatesnmpcommunitystr', 'generatesnmpprotopayload', 'sendsnmprequest', 'readsnmpcommunitystr', 'readsnmpvarbindstr', 'snmplogin',...

Technicolor DPC3928SL - SNMP Authentication Bypass

Technicolor DPC3928SL - SNMP Authentication Bypass !/usr/bin/python -- coding: utf-8 -- StringBleed - CVE-2017-5135 author = "Nixawk" funcs = 'generatesnmpcommunitystr', 'generatesnmpprotopayload', 'sendsnmprequest', 'readsnmpcommunitystr', 'readsnmpvarbindstr', 'snmplogin', 'snmpstringbleed'...

StringBleed: SNMP Protocol“God mode”vulnerability affects a variety of network devices-vulnerability warning-the black bar safety net

Recently, data from South America, two security researchers discovered that the SNMP（Simple Network Management Protocol the v1 and v2 version of the Protocol the presence of the authorized authentication and access control bypass vulnerability, at least 78 kinds of models of network access and Io...

CVE-2017-5135

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can writ...

CVE-2017-5135

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can writ...

Design/Logic Flaw

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor formerly Cisco DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can writ...

CVE-2017-5135

CVE-2017-5135 describes an SNMP access-control bypass on certain Technicolor (former Cisco) devices, notably the DPC3928SL. The vulnerability allows authentication with any SNMP community string, potentially granting full remote read/write access via MIB write capabilities (Stringbleed). Concrete...

SNMP Incorrect Access Control Vulnerability (CVE 2017-5135) (StringBleed)

In DEFCON 24 IoT Village i gave a talk about the danger of SNMP write properties enabled devices in the IoT, police patrols, ambulances and other in the “critical mission vehicles” were affected in that research. In December 2016 with a colleague from Argentina Ezequiel Fernandez we decided to...