CVE-2017-5135

CRITICAL

Technicolor DPC3928SL - Auth Bypass

Title source: llm

Description

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

Exploits (1)

exploitdb WORKING POC
by nixawk · pythonremotehardware
https://www.exploit-db.com/exploits/43384

References (3)

Scores

CVSS v3 9.1
EPSS 0.2237
EPSS Percentile 95.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published
Products (1)
technicolor/dpc3928sl_firmware d3928sl-p15-13-a386-c3420r55105-160127a
Published Apr 27, 2017
Tracked Since Feb 18, 2026