1. Home
  2. CVE Database
  3. CVE-2020-29380
MEDIUM · 5.9

CVE-2020-29380

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH ...

Vulnerability Description

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
VsolcnV1600D Firmware2.03.57
VsolcnV1600D-
VsolcnV1600D4L Firmware1.01.49
VsolcnV1600D4L-
VsolcnV1600D-Mini Firmware1.01.48
VsolcnV1600D-Mini-
VsolcnV1600G1 Firmware1.9.7
VsolcnV1600G1-
VsolcnV1600G2 Firmware1.1.4
VsolcnV1600G2-

Related Weaknesses (CWE)

CWE-522CWE-319

References

FAQ

What is CVE-2020-29380?

CVE-2020-29380 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH ...

How severe is CVE-2020-29380?

CVE-2020-29380 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29380?

Check the references section above for vendor advisories and patch information. Affected products include: Vsolcn V1600D Firmware, Vsolcn V1600D, Vsolcn V1600D4L Firmware, Vsolcn V1600D4L, Vsolcn V1600D-Mini Firmware.