CVE-2017-5135

CRITICAL

Technicolor DPC3928SL - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5135. PoCs published by nixawk.

AI-analyzed exploit summary This exploit targets CVE-2017-5135 (StringBleed) in SNMP implementations, crafting malformed SNMP packets to trigger information leakage. It generates SNMP GetNextRequest PDUs with manipulated community strings and parses responses to extract sensitive data.

Description

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

Exploits (1)

exploitdb WORKING POC

by nixawk · pythonremotehardware

https://www.exploit-db.com/exploits/43384

View Code ZIP pw:eip

This exploit targets CVE-2017-5135 (StringBleed) in SNMP implementations, crafting malformed SNMP packets to trigger information leakage. It generates SNMP GetNextRequest PDUs with manipulated community strings and parses responses to extract sensitive data.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: SNMP implementations (e.g., Net-SNMP)

No auth needed

Prerequisites: Network access to target SNMP service · SNMP service running on target

MITRE ATT&CK

T1040 - Network Sniffing T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Technical Description, Third Party Advisory x_refsource_misc

https://stringbleed.github.io/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98092

Press/Media Coverage, Third Party Advisory x_refsource_misc

https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/

Scores

CVSS v3 9.1

EPSS 0.1740

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

Status published

Products (1)

technicolor/dpc3928sl_firmware d3928sl-p15-13-a386-c3420r55105-160127a

Published Apr 27, 2017

Tracked Since Feb 18, 2026