Vulnerability Monitor

CVE-2018-15748


On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenticated attacker to retrieve the configured SMTP or LDAP password by viewing the HTML source code of the Email Settings webpage. In some cases, authentication can be achieved with the blank default password for the admin account. NOTE: the vendor indicates that this is an "End Of Support Life" product.


Published

2018-08-23T15:29:00.537

Last Modified

2024-11-21T03:51:23.403

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-521

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | dell | 2335dn_engine_firmware | 1.10.65 | Yes |
| Operating System | dell | 2335dn_network_firmware | v4.02.15\(2335dn_mfp\)_11-22-2010 | Yes |
| Operating System | dell | 2335dn_printer_firmware | 2.70.05.02 | Yes |
| Hardware | dell | 2335dn | - | No |

References