CVE-2018-20400

CRITICAL

Ubeeinteractive Dvw2108 Firmware - Insufficiently Protected Credentials

Title source: rule

Description

Ubee DVW2108 6.28.1017 and DVW2110 6.28.2012 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

References (2)

Scores

CVSS v3 9.8
EPSS 0.0064
EPSS Percentile 70.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (2)

ubeeinteractive/dvw2108_firmware
ubeeinteractive/dvw2110_firmware

Timeline

Published Dec 23, 2018
Tracked Since Feb 18, 2026