PT-2020-17150 · V Sol · V-Sol V1600D+4

Alexandre Torres +3 · Published 2020-11-29 · Updated 2021-07-21 · CVE-2020-29381

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

V-SOL V1600D versions V2.03.57 through V2.03.69
V-SOL V1600D4L version V1.01.49
V-SOL V1600D-MINI version V1.01.48
V-SOL V1600G1 versions V1.9.7 through V2.0.7
V-SOL V1600G2 version V1.1.4

Description

An issue was discovered in V-SOL OLT devices, where command injection can occur via a crafted filename in the CLI, specifically in the "upload tftp syslog" and "upload tftp configuration" commands.

Recommendations

For V-SOL V1600D versions V2.03.57 through V2.03.69, consider disabling the "upload tftp syslog" and "upload tftp configuration" commands in the CLI until a patch is available.
For V-SOL V1600D4L version V1.01.49, restrict access to the CLI to minimize the risk of exploitation.
For V-SOL V1600D-MINI version V1.01.48, avoid using crafted filenames in the "upload tftp syslog" and "upload tftp configuration" commands.
For V-SOL V1600G1 versions V1.9.7 through V2.0.7, consider implementing additional security measures to prevent command injection attacks.
For V-SOL V1600G2 version V1.1.4, restrict access to the vulnerable commands in the CLI to prevent exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-29381

Affected Products

V-Sol V1600D
V-Sol V1600D-Mini
V-Sol V1600D4L
V-Sol V1600G1
V-Sol V1600G2