CVE-2020-29378
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
29/11/2020
Last modified:
21/07/2021
Description
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:vsolcn:v1600d_firmware:2.03.57:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600d_firmware:2.03.69:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vsolcn:v1600d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600d4l_firmware:1.01.49:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vsolcn:v1600d4l:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600d-mini_firmware:1.01.48:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vsolcn:v1600d-mini:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600g1_firmware:1.9.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600g1_firmware:2.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vsolcn:v1600g1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:vsolcn:v1600g2_firmware:1.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:h:vsolcn:v1600g2:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page