Vulnerability Description
EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cdatatec | Epon Cpe-Wifi Devices Firmware | 2.0.4-x000 |
| Cdatatec | Fd108Bn | - |
| Cdatatec | Fd111Hz | - |
| Cdatatec | Fd111Y | - |
| Cdatatec | Fd114Y | - |
| Cdatatec | Fd212Gw | - |
| Cdatatec | Fd212H | - |
| Cdatatec | Fd214Gh | - |
| Cdatatec | Fd214Gw | - |
| Cdatatec | Fd404Gh | - |
| Cdatatec | Fd404Gw | - |
| Cdatatec | Fd600-104 | - |
| Cdatatec | Fd600-104G | - |
| Cdatatec | Fd600-108F-Hz500 | - |
| Cdatatec | Fd600-111G | - |
| Cdatatec | Fd600-111Gw | - |
| Cdatatec | Fd600-301 | - |
| Cdatatec | Fd600-301Gw | - |
| Cdatatec | Fd600-304 | - |
| Cdatatec | Fd600-304Ga-Hr500 | - |
Related Weaknesses (CWE)
References
- https://www.reddit.com/r/networking/comments/abu4kq/vulnerability_in_cdata_techn (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-20512?
CVE-2018-20512 is a vulnerability with a CVSS score of 9.8 (CRITICAL). EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.
How severe is CVE-2018-20512?
CVE-2018-20512 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-20512?
Check the references section above for vendor advisories and patch information. Affected products include: Cdatatec Epon Cpe-Wifi Devices Firmware, Cdatatec Fd108Bn, Cdatatec Fd111Hz, Cdatatec Fd111Y, Cdatatec Fd114Y.