PT-2020-17151 · V Sol · V-Sol V1600G1+2

Alexandre Torres +3 · Published 2020-11-29 · Updated 2020-12-01 · CVE-2020-29382

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

V-SOL V1600D versions V2.03.57 through V2.03.69
V-SOL V1600G1 versions V1.9.7 through V2.0.7
V-SOL V1600G2 version V1.1.4

Description

An issue was discovered in V-SOL OLT devices where a hardcoded RSA private key is contained in the firmware images. This key is specific to V1600D, V1600G1, and V1600G2 devices.

Recommendations

For V-SOL V1600D versions V2.03.57 through V2.03.69, consider updating the firmware to remove the hardcoded RSA private key.
For V-SOL V1600G1 versions V1.9.7 through V2.0.7, consider updating the firmware to remove the hardcoded RSA private key.
For V-SOL V1600G2 version V1.1.4, consider updating the firmware to remove the hardcoded RSA private key.
As a temporary workaround, consider restricting access to the firmware images to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-29382

Affected Products

V-Sol V1600D
V-Sol V1600G1
V-Sol V1600G2