← Back to CVEs
CVE-2020-29060
CRITICAL9.8
Description
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/24/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
cdatatec:72408acdatatec:72408a_firmwarecdatatec:9008acdatatec:9008a_firmwarecdatatec:9016acdatatec:9016a_firmwarecdatatec:92408acdatatec:92408a_firmwarecdatatec:92416acdatatec:92416a_firmwarecdatatec:9288cdatatec:9288_firmwarecdatatec:97016cdatatec:97016_firmwarecdatatec:97024pcdatatec:97024p_firmwarecdatatec:97028pcdatatec:97028p_firmwarecdatatec:97042pcdatatec:97042p_firmwarecdatatec:97084pcdatatec:97084p_firmwarecdatatec:97168pcdatatec:97168p_firmwarecdatatec:fd1002scdatatec:fd1002s_firmwarecdatatec:fd1104cdatatec:fd1104_firmwarecdatatec:fd1104bcdatatec:fd1104b_firmwarecdatatec:fd1104scdatatec:fd1104s_firmwarecdatatec:fd1104sncdatatec:fd1104sn_firmwarecdatatec:fd1108scdatatec:fd1108s_firmwarecdatatec:fd1204s-r2cdatatec:fd1204s-r2_firmwarecdatatec:fd1204sncdatatec:fd1204sn-r2cdatatec:fd1204sn-r2_firmwarecdatatec:fd1204sn_firmwarecdatatec:fd1208s-r2cdatatec:fd1208s-r2_firmwarecdatatec:fd1216s-r1cdatatec:fd1216s-r1_firmwarecdatatec:fd1608gscdatatec:fd1608gs_firmwarecdatatec:fd1608sncdatatec:fd1608sn_firmwarecdatatec:fd1616gscdatatec:fd1616gs_firmwarecdatatec:fd1616sncdatatec:fd1616sn_firmwarecdatatec:fd8000cdatatec:fd8000_firmware
Weaknesses (CWE)
CWE-798
References
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.