1. Home
  2. CVE Database
  3. CVE-2020-29381
CRITICAL · 9.8

CVE-2020-29381

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "uploa...

Vulnerability Description

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
VsolcnV1600D Firmware2.03.57
VsolcnV1600D-
VsolcnV1600D4L Firmware1.01.49
VsolcnV1600D4L-
VsolcnV1600D-Mini Firmware1.01.48
VsolcnV1600D-Mini-
VsolcnV1600G1 Firmware1.9.7
VsolcnV1600G1-
VsolcnV1600G2 Firmware1.1.4
VsolcnV1600G2-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2020-29381?

CVE-2020-29381 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "uploa...

How severe is CVE-2020-29381?

CVE-2020-29381 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-29381?

Check the references section above for vendor advisories and patch information. Affected products include: Vsolcn V1600D Firmware, Vsolcn V1600D, Vsolcn V1600D4L Firmware, Vsolcn V1600D4L, Vsolcn V1600D-Mini Firmware.