CVE-2018-15555

Published: Jun 28, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.

Affected (1)

Products: Actiontec: Web6000q Firmware

Actiontec

1 product

Web6000q Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Actiontec Web6000q Firmware	Version 1.1.02.22

Running on/with	Platform Versions
Actiontec Web6000q	All versions

Related CWEs

CWE-662

Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

References (4)

http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jun/1

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jun/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.