CVE-2020-29375

HIGH

V-SOL V1600D/V1600D4L/V1600D-MINI/V1600G1/V1600G2 - Authenticated Privilege Escalation via Hardcoded Password

Title source: llm
STIX 2.1

Description

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2020/Jul/14

Scores

CVSS v3 8.8
EPSS 0.0080
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-798
Status published
Products (7)
vsolcn/v1600d-mini_firmware 1.01.48
vsolcn/v1600d4l_firmware 1.01.49
vsolcn/v1600d_firmware 2.03.57
vsolcn/v1600d_firmware 2.03.69
vsolcn/v1600g1_firmware 1.9.7
vsolcn/v1600g1_firmware 2.0.7
vsolcn/v1600g2_firmware 1.1.4
Published Nov 29, 2020
Tracked Since Feb 18, 2026