PT-2020-17152 · V Sol · V-Sol V1600D4L+1

Alexandre Torres

Published

2020-11-29

Updated

2020-12-01

CVE-2020-29383

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions V-SOL V1600D4L version 1.01.49 V-SOL V1600D-MINI version 1.01.48

Description An issue was discovered on V-SOL OLT devices, where a hardcoded RSA private key is contained in the firmware images. This key is specific to the V1600D4L and V1600D-MINI devices.

Recommendations For V-SOL V1600D4L version 1.01.49, consider updating the firmware to remove the hardcoded RSA private key. For V-SOL V1600D-MINI version 1.01.48, consider updating the firmware to remove the hardcoded RSA private key. As a temporary workaround, consider restricting access to the firmware images to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2020-29383

Affected Products

V-Sol V1600D-Mini

V-Sol V1600D4L

PT-2020-17152 · V Sol · V-Sol V1600D4L+1

CVE-2020-29383

Weakness Enumeration

Related Identifiers

Affected Products

References · 6