Lucene search

[email protected]CVE-2020-29063

HistoryNov 24, 2020 - 9:15 p.m.

CVE-2020-29063

2020-11-2421:15:00

CWE-327

[email protected]

web.nvd.nist.gov

cve-2020-29063

cdata

encryption

password

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g value.

CPENameOperatorVersion
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq1.2.2
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.03_000
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.04_001
cdatatec:72408a_firmwarecdatatec 72408a firmwareeq2.4.05_000
cdatatec:9008a_firmwarecdatatec 9008a firmwareeq1.2.2
cdatatec:9008a_firmwarecdatatec 9008a firmwareeq2.4.03_000
cdatatec:9008a_firmwarecdatatec 9008a firmwareeq2.4.04_001
cdatatec:9008a_firmwarecdatatec 9008a firmwareeq2.4.05_000
cdatatec:9016a_firmwarecdatatec 9016a firmwareeq1.2.2
cdatatec:9016a_firmwarecdatatec 9016a firmwareeq2.4.03_000

CPE	Name	Operator	Version
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	1.2.2
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.03_000
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.04_001
cdatatec:72408a_firmware	cdatatec 72408a firmware	eq	2.4.05_000
cdatatec:9008a_firmware	cdatatec 9008a firmware	eq	1.2.2
cdatatec:9008a_firmware	cdatatec 9008a firmware	eq	2.4.03_000
cdatatec:9008a_firmware	cdatatec 9008a firmware	eq	2.4.04_001
cdatatec:9008a_firmware	cdatatec 9008a firmware	eq	2.4.05_000
cdatatec:9016a_firmware	cdatatec 9016a firmware	eq	1.2.2
cdatatec:9016a_firmware	cdatatec 9016a firmware	eq	2.4.03_000

Rows per page:

1-10 of 1121

References

pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.7%

JSON

Related for CVE-2020-29063

cvelist1 prion1