CVE-2020-29060

Name: CVE-2020-29060
Creator: NVD / NIST
Published: 2020-11-24T21:15:12.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.46%

Last modified Jun 17, 2026

CVE-2020-29060 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.. EPSS estimates a 1.46% chance of exploitation in the next 30 days.

Description

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. There is a default debug124 password for the debug account.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.46%

70.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-798

Affected Software

Vendor	Product	Versions
Cdatatec	72408a Firmware	1.2.2
Cdatatec	72408a Firmware	2.4.03_000
Cdatatec	72408a Firmware	2.4.04_001
Cdatatec	72408a Firmware	2.4.05_000
Cdatatec	9008a Firmware	1.2.2
Cdatatec	9008a Firmware	2.4.03_000
Cdatatec	9008a Firmware	2.4.04_001
Cdatatec	9008a Firmware	2.4.05_000
Cdatatec	9016a Firmware	1.2.2
Cdatatec	9016a Firmware	2.4.03_000
Cdatatec	9016a Firmware	2.4.04_001
Cdatatec	9016a Firmware	2.4.05_000
Cdatatec	92408a Firmware	1.2.2
Cdatatec	92408a Firmware	2.4.03_000
Cdatatec	92408a Firmware	2.4.04_001
Cdatatec	92408a Firmware	2.4.05_000
Cdatatec	92416a Firmware	1.2.2
Cdatatec	92416a Firmware	2.4.03_000
Cdatatec	92416a Firmware	2.4.04_001
Cdatatec	92416a Firmware	2.4.05_000
Cdatatec	9288 Firmware	1.2.2
Cdatatec	9288 Firmware	2.4.03_000
Cdatatec	9288 Firmware	2.4.04_001
Cdatatec	9288 Firmware	2.4.05_000
Cdatatec	97016 Firmware	1.2.2
Cdatatec	97016 Firmware	2.4.03_000
Cdatatec	97016 Firmware	2.4.04_001
Cdatatec	97016 Firmware	2.4.05_000
Cdatatec	97024p Firmware	1.2.2
Cdatatec	97024p Firmware	2.4.03_000
Cdatatec	97024p Firmware	2.4.04_001
Cdatatec	97024p Firmware	2.4.05_000
Cdatatec	97028p Firmware	1.2.2
Cdatatec	97028p Firmware	2.4.03_000
Cdatatec	97028p Firmware	2.4.04_001
Cdatatec	97028p Firmware	2.4.05_000
Cdatatec	97042p Firmware	1.2.2
Cdatatec	97042p Firmware	2.4.03_000
Cdatatec	97042p Firmware	2.4.04_001
Cdatatec	97042p Firmware	2.4.05_000
Cdatatec	97084p Firmware	1.2.2
Cdatatec	97084p Firmware	2.4.03_000
Cdatatec	97084p Firmware	2.4.04_001
Cdatatec	97084p Firmware	2.4.05_000
Cdatatec	97168p Firmware	1.2.2
Cdatatec	97168p Firmware	2.4.03_000
Cdatatec	97168p Firmware	2.4.04_001
Cdatatec	97168p Firmware	2.4.05_000
Cdatatec	Fd1002s Firmware	1.2.2
Cdatatec	Fd1002s Firmware	2.4.03_000

Showing 50 of 112 affected configurations. See NVD for the full list.

References

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.htmlExploit, Third Party Advisory
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.htmlExploit, Third Party Advisory

Timeline

Published: Nov 24, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-29060?

How severe is CVE-2020-29060?

CVE-2020-29060 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.46% probability of exploitation in the next 30 days.

How do I fix CVE-2020-29060?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-29060?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST