Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10540 1 Qualcomm 54 Ipq8074, Ipq8074 Firmware, Msm8996au and 51 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130
CVE-2019-2252 1 Qualcomm 72 Mdm9650, Mdm9650 Firmware, Msm8909w and 69 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
CVE-2015-9280 1 Mailenable 1 Mailenable 2019-10-03 5.0 MEDIUM 10.0 CRITICAL
MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.
CVE-2017-8303 1 Accellion 1 File Transfer Appliance 2019-10-03 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.
CVE-2017-18379 1 Linux 1 Linux Kernel 2019-10-03 7.5 HIGH 9.8 CRITICAL
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
CVE-2017-9248 1 Telerik 2 Sitefinity Cms, Ui For Asp.net Ajax 2019-10-03 7.5 HIGH 9.8 CRITICAL
Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise.
CVE-2018-9995 1 Tbkvision 4 Tbk-dvr4104, Tbk-dvr4104 Firmware, Tbk-dvr4216 and 1 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
CVE-2018-9853 1 Freesshd 1 Freesshd 2019-10-03 7.5 HIGH 9.8 CRITICAL
Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.
CVE-2018-8936 1 Amd 8 Epyc Server, Epyc Server Firmware, Ryzen and 5 more 2019-10-03 9.3 HIGH 9.0 CRITICAL
The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.
CVE-2018-8755 1 Nucom 2 Wr644gacv, Wr644gacv Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. By downloading this file, an attacker can access the admin password, WPA key, and any config information of the device.
CVE-2018-8739 1 Keepsolid 1 Vpn Unlimited 2019-10-03 10.0 HIGH 9.8 CRITICAL
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
CVE-2018-8710 1 Woocommerce-filter 1 Woocommerce Products Filter 2019-10-03 7.5 HIGH 9.8 CRITICAL
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.
CVE-2018-8529 1 Microsoft 1 Team Foundation Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
CVE-2018-7785 1 Schneider-electric 1 U.motion Builder 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass.
CVE-2018-7702 1 Securenvoy 1 Securmail 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
CVE-2018-7246 1 Schneider-electric 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
A cleartext transmission of sensitive information vulnerability exists in Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. he integrated web server (Port 80/443/TCP) of the affected devices could allow remote attackers to discover an administrative account. If default on device, it is not using a SSL in settings and if multiple request of the page "Access Control" (IP-address device/ups/pas_cont.htm) account data will be sent in cleartext
CVE-2018-7245 1 Schneider-electric 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to change UPS control and shutdown parameters or other critical settings without authorization.
CVE-2018-7243 1 Schneider-electric 11 66074 Mge Network Management Card Transverse, Mge Comet Ups, Mge Eps 6000 and 8 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
An authorization bypass vulnerability exists In Schneider Electric's 66074 MGE Network Management Card Transverse installed in MGE UPS and MGE STS. The integrated web server (Port 80/443/TCP) of the affected devices could allow a remote attacker to get a full access to device, bypassing the authorization system.
CVE-2018-7096 1 Hp 1 3par Service Provider 2019-10-03 7.5 HIGH 9.8 CRITICAL
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution.
CVE-2018-7095 1 Hp 1 3par Service Provider 2019-10-03 7.5 HIGH 9.8 CRITICAL
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass.
CVE-2018-6968 1 Vmware 1 Airwatch Agent 2019-10-03 7.5 HIGH 10.0 CRITICAL
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator.
CVE-2018-6809 1 Citrix 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
CVE-2018-6624 1 Omron 7 Ns10, Ns12, Ns15 and 4 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.
CVE-2018-6231 1 Trendmicro 1 Smart Protection Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
CVE-2018-6017 1 Tinder 1 Tinder 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.
CVE-2018-5506 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices.
CVE-2018-5495 1 Netapp 1 Storagegrid Webscale 2019-10-03 7.5 HIGH 9.8 CRITICAL
All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.
CVE-2018-5347 1 Seagate 2 Personal Cloud, Personal Cloud Firmware 2019-10-03 10.0 HIGH 9.8 CRITICAL
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVE-2018-5267 1 Cobham 2 Sea Tel 121, Sea Tel 121 Firmware 2019-10-03 7.5 HIGH 9.8 CRITICAL
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
CVE-2018-4995 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more 2019-10-03 7.5 HIGH 9.8 CRITICAL
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.
CVE-2018-3679 1 Intel 1 Data Center Manager 2019-10-03 8.3 HIGH 9.6 CRITICAL
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
CVE-2018-3596 1 Google 1 Android 2019-10-03 7.5 HIGH 9.8 CRITICAL
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.
CVE-2018-3594 1 Qualcomm 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings.
CVE-2018-3259 1 Oracle 1 Database Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-3201 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-3197 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-3191 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-2930 1 Oracle 1 Solaris Cluster 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). Supported versions that are affected are 3.3 and 4.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via RPC to compromise Solaris Cluster. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-2894 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-2893 1 Oracle 1 Weblogic Server 2019-10-03 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2018-2664 1 Oracle 1 Sun Zfs Storage Appliance Kit 2019-10-03 6.8 MEDIUM 9.0 CRITICAL
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is Prior to 8.7.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2018-2656 1 Oracle 1 E-business Suite 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Data Manager Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle General Ledger accessible data as well as unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2018-2655 1 Oracle 1 Work In Process 2019-10-03 6.4 MEDIUM 9.1 CRITICAL
Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Assemble/Configure to Order). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Work in Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Work in Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Work in Process accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2018-20764 2 Helpsystems, Linux 2 Boks, Linux Kernel 2019-10-03 7.5 HIGH 9.8 CRITICAL
A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation.
CVE-2018-20512 1 Cdatatec 22 Epon Cpe-wifi Devices Firmware, Fd108bn, Fd111hz and 19 more 2019-10-03 10.0 HIGH 9.8 CRITICAL
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
CVE-2018-20444 1 Technicolor 2 Cga0111, Cga0111 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2018-20443 1 Technicolor 2 Tc7200.d1i, Tc7200.d1i Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2018-20442 1 Technicolor 2 Tc7110.b, Tc7110.b Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
CVE-2018-20441 1 Technicolor 2 Tc7200.th2v2, Tc7200.th2v2 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
CVE-2018-20440 1 Technicolor 2 Cwa0101, Cwa0101 Firmware 2019-10-03 5.0 MEDIUM 9.8 CRITICAL
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.