CVE-2018-20395 in MNG6200

Summary

by MITRE

NETWAVE MNG6200 C4835805jrc12FU121413.cpr devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.


Analysis

by VulDB Data Team • 04/23/2020

The NETWAVE MNG6200 C4835805jrc12FU121413.cpr is a network management appliance that exposes sensitive credential information through an improperly configured Simple Network Management Protocol (SNMP) implementation. The flaw affects devices whose SNMP service does not restrict access to the credential-holding objects in the NETWAVE enterprise-specific OID tree used for device management. A remote attacker can read the device's stored credentials with standard SNMP GET operations against specific object identifiers that should be protected from unauthorized access.

Exploitation takes place through SNMP enumeration: an attacker queries two specific OIDs, iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0. These OIDs correspond to credential storage locations in the device's MIB (Management Information Base), so an unauthorized party can retrieve authentication information without any authorization check. The root cause is inadequate access control in the SNMP implementation: sensitive data elements are exposed through read operations that should be restricted to authorized administrators. This is a classic case of insufficient authorization controls in a network management protocol and aligns with CWE-284, which covers improper access control in network services.

The operational impact goes beyond simple credential exposure: the recovered credentials give an attacker unauthorized access to the device management interface and potentially to the whole network infrastructure the device controls. With those credentials, an attacker can perform administrative functions such as configuration changes, firmware updates, and access to other network resources managed by the device. The exposure undermines the principle of least privilege in network management, under which administrative access should be strictly controlled and authenticated. Organizations that rely on SNMP-based monitoring and management are particularly affected, since the flaw shows how legacy network device implementations may not enforce security boundaries, leaving persistent access vectors for attackers. The risk is compounded because the same credentials are often reused across multiple devices in the same network segment, enabling lateral movement and broader compromise.

Organizations should apply immediate mitigations: configure SNMP access control, replace community strings with strong, unique values, and restrict which hosts may reach the SNMP management interface. Management traffic should be segmented from user networks, and the device should be updated to a firmware version that properly secures the credential storage mechanism. The vulnerability maps to ATT&CK technique T1078 (Valid Accounts), since it lets attackers obtain legitimate administrative credentials through a legitimate network management protocol. Network monitoring should additionally be tuned to detect anomalous SNMP traffic patterns that may indicate credential harvesting attempts, and regular security assessments of network infrastructure should include SNMP configuration reviews to confirm that access controls are maintained. The vendor should be contacted to determine whether a firmware update addressing this credential exposure is available, since the flaw is fundamental to how the device handles sensitive information over a standard network management protocol.
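To make the monitoring recommendation concrete, the following is an added detection example (not from VulDB, MITRE or the vendor) that scans SNMP request records for reads of the two credential OIDs named in this entry. The log line format and all sample values are constructed for the example; it also flags GETNEXT/GETBULK requests on an ancestor OID, since a walk from the parent subtree reaches the same objects.

```python
import re
from typing import Dict, List

# OIDs named in the advisory, in numeric form ("iso" is the textual name of arc 1).
SENSITIVE_OIDS = {
    "1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0",
    "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0",
}
READ_PDUS = {"get-request", "get-next-request", "get-bulk-request"}
WALK_PDUS = {"get-next-request", "get-bulk-request"}

# Constructed sample records (not real device output): one SNMP request per line.
SAMPLE_LOG = """\
2020-04-23T10:15:01Z src=10.0.0.20 dst=10.0.0.1 ver=2c community=public pdu=get-request oid=iso.3.6.1.2.1.1.1.0
2020-04-23T10:15:02Z src=203.0.113.9 dst=10.0.0.1 ver=2c community=public pdu=get-request oid=iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0
2020-04-23T10:15:03Z src=203.0.113.9 dst=10.0.0.1 ver=2c community=public pdu=get-next-request oid=iso.3.6.1.4.1.4491.2.4.1.1.6
2020-04-23T10:15:04Z src=10.0.0.20 dst=10.0.0.1 ver=3 community=- pdu=set-request oid=iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) ver=(?P<ver>\S+) "
                     r"community=(?P<community>\S+) pdu=(?P<pdu>\S+) oid=(?P<oid>\S+)$")


def normalize_oid(oid: str) -> str:
    """Turn 'iso.3.6...' or '.1.3.6...' into the plain dotted numeric form '1.3.6...'."""
    oid = oid.strip().lstrip(".")
    if oid.startswith("iso"):
        oid = "1" + oid[3:]
    return oid


def is_sensitive_request(pdu: str, oid: str) -> bool:
    """GET hits a credential OID only on exact match; GETNEXT/GETBULK also reach it
    from any ancestor OID because the agent walks forward into the subtree."""
    if pdu not in READ_PDUS:
        return False
    oid = normalize_oid(oid)
    if oid in SENSITIVE_OIDS:
        return True
    return pdu in WALK_PDUS and any(s.startswith(oid + ".") for s in SENSITIVE_OIDS)


def find_credential_reads(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed fields of every record that reads (or walks into) a credential OID."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_sensitive_request(m.group("pdu"), m.group("oid")):
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    for h in find_credential_reads(SAMPLE_LOG):
        print(f"{h['ts']} credential OID read from {h['src']} (pdu={h['pdu']}, oid={h['oid']})")
```

In a real deployment the source of records would be a packet sensor or the device's own SNMP access log, and any hit from outside the management network is worth an alert.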

Reservation

12/23/2018

Disclosure

12/23/2018

Moderation

accepted

CPE

ready

EPSS

0.00644

KEV

no

Activities

very low

Sources
