← back
CVE-2017-5135

CVE-2017-5135

EPSS 17.4%
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/43384unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://stringbleed.github.io/https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/http://www.securityfocus.com/bid/98092