PT-2019-5787 · Cdata+1

Alexandre Torres +2 · Published 2019-12-27 · Updated 2021-07-21 · CVE-2020-29058

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000

Description
An issue was discovered that allows an unauthenticated attacker to obtain cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. The root cause is insufficient protection of registration data, which lets a remote attacker impact the confidentiality, integrity, and availability of protected information.

Recommendations
For CDATA versions 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000, consider restricting access to the /opt/lighttpd/web/cgi/ endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
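Since no fixed firmware is known, a defender's practical check is to watch who reaches the CGI tree. The script below is an added example, not part of this advisory or of CDATA's software: it scans lighttpd access-log lines in Common Log Format and flags CGI requests from addresses outside an allowlisted management network. It assumes the web root /opt/lighttpd/web is served at the URL root, so CGI requests appear under /cgi/ (a hypothetical mapping); the log lines and CGI names are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed lighttpd access-log lines (Common Log Format); the CGI names are
# placeholders, not real endpoints from the affected devices.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Dec/2019:10:01:02 +0000] "GET /cgi/example_status.cgi HTTP/1.1" 200 512
203.0.113.7 - - [27/Dec/2019:10:01:09 +0000] "GET /cgi/example_admin.cgi?view=1 HTTP/1.1" 200 2048
198.51.100.23 - - [27/Dec/2019:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [27/Dec/2019:10:02:45 +0000] "POST /cgi/example_login.cgi HTTP/1.1" 401 128
"""

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed URL prefix of the CGI tree under /opt/lighttpd/web (hypothetical).
CGI_PREFIX = "/cgi/"


@dataclass(frozen=True)
class Finding:
    ip: str
    method: str
    path: str
    status: int
    timestamp: str


def find_untrusted_cgi_requests(log_text, management_cidrs):
    """Return CGI requests whose source IP is not inside any management CIDR."""
    trusted = [ipaddress.ip_network(c, strict=False) for c in management_cidrs]
    findings = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # skip malformed or non-CLF lines rather than fail the scan
        path = m["path"].split("?", 1)[0]  # ignore the query string when matching
        if not path.startswith(CGI_PREFIX):
            continue
        src = ipaddress.ip_address(m["ip"])
        if any(src in net for net in trusted):
            continue  # request came from the management network; expected traffic
        findings.append(Finding(m["ip"], m["method"], path, int(m["status"]), m["ts"]))
    return findings


if __name__ == "__main__":
    for f in find_untrusted_cgi_requests(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(f"{f.timestamp} {f.ip} {f.method} {f.path} -> {f.status}")
```

A successful (2xx) CGI response to an address outside the management network is the case worth alerting on; a 401 still shows the endpoint is reachable from where it should not be.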

Exploit

Missing Authentication

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

BDU:2021-02150
CVE-2020-29058

Affected Products

Cdata
Lighttpd