CVE-2020-29058 - OpenCVE

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cdatatec	72408a 72408a Firmware 9008a 9008a Firmware 9016a 9016a Firmware 92408a 92408a Firmware 92416a 92416a Firmware 9288 9288 Firmware 97016 97016 Firmware 97024p 97024p Firmware 97028p 97028p Firmware 97042p 97042p Firmware 97084p 97084p Firmware 97168p 97168p Firmware Fd1002s Fd1002s Firmware Fd1104 Fd1104 Firmware Fd1104b Fd1104b Firmware Fd1104s Fd1104s Firmware Fd1104sn Fd1104sn Firmware Fd1108s Fd1108s Firmware Fd1204s-r2 Fd1204s-r2 Firmware Fd1204sn Fd1204sn-r2 Fd1204sn-r2 Firmware Fd1204sn Firmware Fd1208s-r2 Fd1208s-r2 Firmware Fd1216s-r1 Fd1216s-r1 Firmware Fd1608gs Fd1608gs Firmware Fd1608sn Fd1608sn Firmware Fd1616gs Fd1616gs Firmware Fd1616sn Fd1616sn Firmware Fd8000 Fd8000 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:72408a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9008a:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cdatatec:9016a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9016a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9016a:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cdatatec:92408a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:92408a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:92408a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cdatatec:92416a_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:92416a_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:92416a:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cdatatec:9288_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:9288_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:9288:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cdatatec:97016_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97016_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97016:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cdatatec:97024p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97024p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97024p:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:cdatatec:97028p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97028p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97028p:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:cdatatec:97042p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97042p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97042p:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:cdatatec:97084p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97084p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97084p:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:cdatatec:97168p_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:97168p_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:97168p:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1002s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1002s:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104b_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104b:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104s:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1104sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1104sn:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1108s_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1108s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204s-r2:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204sn:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1204sn-r2:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

OR	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.05_000:::::::*

cpe:2.3:h:cdatatec:fd1208s-r2:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:h:cdatatec:fd1216s-r1:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.05_000:::::::*

Configuration 24 [-]

AND

cpe:2.3:h:cdatatec:fd1608gs:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd1608gs_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.05_000:::::::*

Configuration 25 [-]

AND

cpe:2.3:h:cdatatec:fd1608sn:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd1608sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.05_000:::::::*

Configuration 26 [-]

AND

cpe:2.3:h:cdatatec:fd1616gs:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd1616gs_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.05_000:::::::*

Configuration 27 [-]

AND

cpe:2.3:h:cdatatec:fd1616sn:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd1616sn_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.05_000:::::::*

Configuration 28 [-]

AND

cpe:2.3:h:cdatatec:fd8000:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:cdatatec:fd8000_firmware:1.2.2:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.03_000:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.04_001:::::::*
	cpe:2.3:o:cdatatec:fd8000_firmware:2.4.05_000:::::::*

No data.

References

Link	Providers
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-11-24T20:59:29

Updated: 2024-08-04T16:48:01.307Z

Reserved: 2020-11-24T00:00:00

Link: CVE-2020-29058

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-24T21:15:11.993

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-29058

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object