MidnightBSD

Advisories for cdatatec

CVE-2018-20512 HIGH

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-565,

Products Affected

Vendor Product Version
cdatatec epon_cpe-wifi_devices_firmware 2.0.4-x000
CVE-2020-29054 MEDIUM

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29055 MEDIUM

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct man-in-the-middle attacks on the management of the appliance.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29056 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdata fd1104_firmware 2.4.03_000
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29057 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29058 MEDIUM

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29059 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29060 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29061 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29062 HIGH

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2020-29063 MEDIUM

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cdatatec 97024p_firmware 1.2.2
cdatatec 92416a_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.05_000
cdatatec fd1208s-r2_firmware 2.4.05_000
cdatatec fd1108s_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.03_000
cdatatec fd1104b_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.03_000
cdatatec 9016a_firmware 2.4.04_001
cdatatec 72408a_firmware 2.4.05_000
cdatatec fd1104_firmware 2.4.04_001
cdatatec 97016_firmware 1.2.2
cdatatec fd1204sn_firmware 1.2.2
cdatatec fd1616sn_firmware 2.4.05_000
cdatatec 97042p_firmware 2.4.03_000
cdatatec fd1104_firmware 1.2.2
cdatatec 97168p_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 1.2.2
cdatatec 92408a_firmware 2.4.05_000
cdatatec 97168p_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.04_001
cdatatec 97016_firmware 2.4.03_000
cdatatec fd1204sn_firmware 2.4.05_000
cdatatec fd1104b_firmware 1.2.2
cdatatec 97016_firmware 2.4.04_001
cdatatec fd1208s-r2_firmware 1.2.2
cdatatec fd1104_firmware 2.4.03_000
cdatatec fd1204sn-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.03_000
cdatatec 97084p_firmware 2.4.05_000
cdatatec fd1216s-r1_firmware 2.4.03_000
cdatatec 9288_firmware 1.2.2
cdatatec 9016a_firmware 1.2.2
cdatatec 72408a_firmware 2.4.04_001
cdatatec fd1002s_firmware 1.2.2
cdatatec fd1216s-r1_firmware 2.4.05_000
cdatatec 97016_firmware 2.4.05_000
cdatatec 92416a_firmware 1.2.2
cdatatec 97028p_firmware 2.4.04_001
cdatatec 9016a_firmware 2.4.03_000
cdatatec 9008a_firmware 2.4.05_000
cdatatec fd1204sn-r2_firmware 2.4.05_000
cdatatec fd8000_firmware 2.4.05_000
cdatatec fd1104sn_firmware 2.4.04_001
cdatatec fd1104b_firmware 2.4.05_000
cdatatec 9008a_firmware 1.2.2
cdatatec fd1208s-r2_firmware 2.4.04_001
cdatatec fd1104sn_firmware 1.2.2
cdatatec fd1108s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.04_001
cdatatec fd1204sn-r2_firmware 2.4.04_001
cdatatec fd1616sn_firmware 1.2.2
cdatatec fd1616gs_firmware 1.2.2
cdatatec 97024p_firmware 2.4.03_000
cdatatec fd1208s-r2_firmware 2.4.03_000
cdatatec fd1204s-r2_firmware 2.4.03_000
cdatatec fd1108s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.03_000
cdatatec 92408a_firmware 1.2.2
cdatatec 92408a_firmware 2.4.03_000
cdatatec fd1608sn_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.04_001
cdatatec 97042p_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.03_000
cdatatec fd1002s_firmware 2.4.03_000
cdatatec fd1104sn_firmware 2.4.05_000
cdatatec 97028p_firmware 1.2.2
cdatatec 97042p_firmware 2.4.04_001
cdatatec 97042p_firmware 1.2.2
cdatatec 97028p_firmware 2.4.05_000
cdatatec fd1204s-r2_firmware 1.2.2
cdatatec fd1216s-r1_firmware 1.2.2
cdatatec fd8000_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.04_001
cdatatec 92408a_firmware 2.4.04_001
cdatatec 97028p_firmware 2.4.03_000
cdatatec fd1608gs_firmware 1.2.2
cdatatec fd1002s_firmware 2.4.05_000
cdatatec fd1608sn_firmware 1.2.2
cdatatec 9288_firmware 2.4.03_000
cdatatec 97168p_firmware 2.4.04_001
cdatatec fd1104s_firmware 1.2.2
cdatatec 72408a_firmware 1.2.2
cdatatec fd8000_firmware 2.4.03_000
cdatatec fd1616gs_firmware 2.4.03_000
cdatatec 97024p_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.03_000
cdatatec fd1216s-r1_firmware 2.4.04_001
cdatatec 92416a_firmware 2.4.04_001
cdatatec 97084p_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.03_000
cdatatec 92416a_firmware 2.4.03_000
cdatatec 9288_firmware 2.4.05_000
cdatatec fd1616sn_firmware 2.4.04_001
cdatatec fd1204s-r2_firmware 2.4.04_001
cdatatec fd1104s_firmware 2.4.05_000
cdatatec 9008a_firmware 2.4.03_000
cdatatec 97084p_firmware 1.2.2
cdatatec fd1204s-r2_firmware 2.4.05_000
cdatatec fd1608gs_firmware 2.4.04_001
cdatatec fd1204sn_firmware 2.4.04_001
cdatatec 97168p_firmware 1.2.2
cdatatec fd1104_firmware 2.4.05_000
cdatatec fd1616gs_firmware 2.4.05_000
cdatatec fd1608sn_firmware 2.4.04_001
CVE-2022-29337 HIGH

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
cdatatec fd702xw-x-r430_firmware 2.1.13_x001
CVE-2022-4257

A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.

Products Affected

Vendor Product Version
cdatatec c-data_web_management_system -
CVE-2023-3305 HIGH

A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
cdatatec web_management_system *