MidnightBSD

Advisories for cdata

CVE-2020-29056 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
cdatatec 97084p_firmware 2.4.03_000
cdatatec 92408a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec 9008a_firmware 1.2.2
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec 72408a_firmware 1.2.2
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec 9288_firmware 2.4.04_001
cdatatec fd1002s_firmware 2.4.04_001
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 72408a_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.05_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97016_firmware 1.2.2
cdatatec fd1002s_firmware 1.2.2
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104sn_firmware 1.2.2
cdatatec 97084p_firmware 2.4.05_000
cdatatec 9016a_firmware 2.4.03_000
cdatatec fd1104s_firmware 2.4.05_000
cdatatec fd1204sn_firmware 1.2.2
cdatatec 97168p_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdata fd1104_firmware 2.4.03_000
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1608sn_firmware 2.4.04_001
cdatatec 97084p_firmware 1.2.2
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1616gs_firmware 1.2.2
cdatatec fd1104s_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.05_000
cdatatec 92408a_firmware 1.2.2
cdatatec 97028p_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec 97168p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd8000_firmware 1.2.2
cdatatec 92416a_firmware 2.4.04_001
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97042p_firmware 1.2.2
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec 9288_firmware 1.2.2
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec 9288_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 97028p_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.03_000
cdatatec fd1104s_firmware 2.4.04_001
cdatatec fd8000_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.04_001
cdatatec 9008a_firmware 2.4.05_000
cdatatec 72408a_firmware 2.4.04_001
cdatatec 9288_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec 97024p_firmware 1.2.2
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.05_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000

CVE-2023-24243

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

Products Affected

Vendor Product Version
cdata arc *

CVE-2025-9273

CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.

Products Affected

Vendor Product Version
cdata api_server -