CVE-2020-29063

CVSS V2 Medium 5 CVSS V3 High 7.5
Description
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value.
Overview
  • CVE ID
  • CVE-2020-29063
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2020-11-24T21:15:12
  • Last Modified Date
  • 2021-07-21T11:39:23
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:cdatatec:72408a_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:72408a_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:72408a_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:72408a_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:72408a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:9008a_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9008a_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9008a_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9008a_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:9008a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:9016a_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9016a_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9016a_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9016a_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:9016a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:92408a_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92408a_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92408a_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92408a_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:92408a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:92416a_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92416a_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92416a_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:92416a_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:92416a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:9288_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9288_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9288_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:9288_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:9288:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97016_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97016_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97016_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97016_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97016:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97024p_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97024p_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97024p_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97024p_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97024p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97028p_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97028p_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97028p_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97028p_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97028p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97042p_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97042p_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97042p_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97042p_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97042p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97084p_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97084p_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97084p_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97084p_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97084p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:97168p_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97168p_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97168p_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:97168p_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:97168p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1002s_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1002s_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1002s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1104_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1104:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1104b_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104b_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1104b:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1104s_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104s_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1104s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1104sn_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1104sn_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1104sn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1108s_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1108s_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1108s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1204s-r2_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204s-r2_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1204s-r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1204sn_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1204sn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1204sn-r2_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1204sn-r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1208s-r2_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1208s-r2_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1208s-r2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1216s-r1_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1216s-r1_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1216s-r1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1608gs_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608gs_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1608gs:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1608sn_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1608sn_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1608sn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1616gs_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616gs_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1616gs:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd1616sn_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd1616sn_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd1616sn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:cdatatec:fd8000_firmware:1.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd8000_firmware:2.4.03_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd8000_firmware:2.4.04_001:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cdatatec:fd8000_firmware:2.4.05_000:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cdatatec:fd8000:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 07:04:26 Added to TrackCVE
2022-12-05 17:18:35 2020-11-24T21:15Z 2020-11-24T21:15:12 CVE Published Date updated
2022-12-05 17:18:35 2021-07-21T11:39:23 CVE Modified Date updated
2022-12-05 17:18:35 Analyzed Vulnerability Status updated