PT-2020-17148 · V Sol · V-Sol V1600D4L+1

Alexandre Torres

Published

2020-11-29

Updated

2021-07-21

CVE-2020-29379

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions V-SOL V1600D4L version 1.01.49 V-SOL V1600D-MINI version 1.01.48

Description An issue was discovered on V-SOL OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.

Recommendations For V-SOL V1600D4L version 1.01.49, consider disabling the telnetd process until a patch is available. For V-SOL V1600D-MINI version 1.01.48, restrict access to the update script to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-29379

Affected Products

V-Sol V1600D-Mini

V-Sol V1600D4L

PT-2020-17148 · V Sol · V-Sol V1600D4L+1

CVE-2020-29379

Weakness Enumeration

Related Identifiers

Affected Products

References · 5