← Voltar para CVEs
CVE-2020-29062
CRITICAL9.8
Descricao
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/24/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
cdatatec:72408acdatatec:72408a_firmwarecdatatec:9008acdatatec:9008a_firmwarecdatatec:9016acdatatec:9016a_firmwarecdatatec:92408acdatatec:92408a_firmwarecdatatec:92416acdatatec:92416a_firmwarecdatatec:9288cdatatec:9288_firmwarecdatatec:97016cdatatec:97016_firmwarecdatatec:97024pcdatatec:97024p_firmwarecdatatec:97028pcdatatec:97028p_firmwarecdatatec:97042pcdatatec:97042p_firmwarecdatatec:97084pcdatatec:97084p_firmwarecdatatec:97168pcdatatec:97168p_firmwarecdatatec:fd1002scdatatec:fd1002s_firmwarecdatatec:fd1104cdatatec:fd1104_firmwarecdatatec:fd1104bcdatatec:fd1104b_firmwarecdatatec:fd1104scdatatec:fd1104s_firmwarecdatatec:fd1104sncdatatec:fd1104sn_firmwarecdatatec:fd1108scdatatec:fd1108s_firmwarecdatatec:fd1204s-r2cdatatec:fd1204s-r2_firmwarecdatatec:fd1204sncdatatec:fd1204sn-r2cdatatec:fd1204sn-r2_firmwarecdatatec:fd1204sn_firmwarecdatatec:fd1208s-r2cdatatec:fd1208s-r2_firmwarecdatatec:fd1216s-r1cdatatec:fd1216s-r1_firmwarecdatatec:fd1608gscdatatec:fd1608gs_firmwarecdatatec:fd1608sncdatatec:fd1608sn_firmwarecdatatec:fd1616gscdatatec:fd1616gs_firmwarecdatatec:fd1616sncdatatec:fd1616sn_firmwarecdatatec:fd8000cdatatec:fd8000_firmware
Fraquezas (CWE)
CWE-798
Referencias
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.