// For flags

CVE-2018-15748

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.

En las impresoras Dell 2335dn con versión de firmware de Printer 2.70.05.02, de Engine 1.10.65 y Network V4.02.15(2335dn MFP) 11-22-2010, la interfaz de administración permite que un atacante autenticado recupere la contraseña SMTP o LDAP configurada al ver el código fuente HTML de la página web de configuración del correo electrónico. En algunos casos, la autenticación puede lograrse con la contraseña predeterminada en blanco para la cuenta de administrador. NOTA: el fabricante indica que se trata de un producto que ya no tiene soporte técnico.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-08-23 CVE Reserved
  • 2018-08-23 CVE Published
  • 2024-09-17 CVE Updated
  • 2024-09-17 EPSS Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-521: Weak Password Requirements
CAPEC
References (1)
URL Tag Source
URL Date SRC
https://www.gerrenmurphy.com/dell-2335dn-password-disclosure 2024-09-17
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dell
Search vendor "Dell"
 2335dn Engine Firmware
Search vendor "Dell" for product "2335dn Engine Firmware"
 1.10.65
Search vendor "Dell" for product "2335dn Engine Firmware" and version "1.10.65"
-
Affected
in Dell
Search vendor "Dell"
 2335dn
Search vendor "Dell" for product "2335dn"
--
Safe
Dell
Search vendor "Dell"
 2335dn Network Firmware
Search vendor "Dell" for product "2335dn Network Firmware"
 v4.02.15\(2335dn_mfp\)_11-22-2010
Search vendor "Dell" for product "2335dn Network Firmware" and version "v4.02.15\(2335dn_mfp\)_11-22-2010"
-
Affected
in Dell
Search vendor "Dell"
 2335dn
Search vendor "Dell" for product "2335dn"
--
Safe
Dell
Search vendor "Dell"
 2335dn Printer Firmware
Search vendor "Dell" for product "2335dn Printer Firmware"
 2.70.05.02
Search vendor "Dell" for product "2335dn Printer Firmware" and version "2.70.05.02"
-
Affected
in Dell
Search vendor "Dell"
 2335dn
Search vendor "Dell" for product "2335dn"
--
Safe