Note:
This project will be discontinued after December 13, 2021. [more]
Product:
9016a_firmware
(Cdatatec)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-24 | CVE-2020-29054 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can use "show system infor" to discover cleartext TELNET credentials. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29055 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. By default, the appliance can be managed remotely only with HTTP, telnet, and SNMP. It doesn't support SSL/TLS for HTTP or SSH. An attacker can intercept passwords sent in cleartext and conduct... | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 5.9 | ||
| 2020-11-24 | CVE-2020-29056 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. | Fd1104_firmware, 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29057 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 7.5 | ||
| 2020-11-24 | CVE-2020-29058 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. Attackers can discover cleartext web-server credentials via certain /opt/lighttpd/web/cgi/ requests. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29059 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default panger123 password for the suma123 account for certain old firmware. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29060 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29061 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default root126 password for the root account. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29062 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default blank password for the guest account. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 9.8 | ||
| 2020-11-24 | CVE-2020-29063 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. | 72408a_firmware, 9008a_firmware, 9016a_firmware, 92408a_firmware, 92416a_firmware, 9288_firmware, 97016_firmware, 97024p_firmware, 97028p_firmware, 97042p_firmware, 97084p_firmware, 97168p_firmware, Fd1002s_firmware, Fd1104_firmware, Fd1104b_firmware, Fd1104s_firmware, Fd1104sn_firmware, Fd1108s_firmware, Fd1204s\-R2_firmware, Fd1204sn\-R2_firmware, Fd1204sn_firmware, Fd1208s\-R2_firmware, Fd1216s\-R1_firmware, Fd1608gs_firmware, Fd1608sn_firmware, Fd1616gs_firmware, Fd1616sn_firmware, Fd8000_firmware | 7.5 |