CVE-2018-15556

Published: Jun 27, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.

Affected (1)

Products: Actiontec: Web6000q Firmware

Actiontec

1 product

Web6000q Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Actiontec Web6000q Firmware	Version 1.1.02.22

Running on/with	Platform Versions
Actiontec Web6000q	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jun/1

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jun/1

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2019/Jun/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2019/Jun/1

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.