CVE-2018-20385
CRITICALCastlenet Cbv38z4ec Firmware - Insufficiently Protected Credentials
Title source: ruleDescription
CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Scores
CVSS v3
9.8
EPSS
0.0064
EPSS Percentile
70.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-522
Status
published
Affected Products (4)
castlenet/cbv38z4ec_firmware
castlenet/cbv38z4ecnit_firmware
castlenet/cbw383g4j_firmware
castlenet/cbw38g4j_firmware
Timeline
Published
Dec 23, 2018
Tracked Since
Feb 18, 2026