Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

Vulnerability Note VU#335192
Source: www.kb.cert.org
Published: 2015-08-11

CVSS v2 base score: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Adjacent Network
  Access Complexity: Low
  Authentication: None
  Confidentiality / Integrity / Availability Impact: Complete / Complete / Complete
EPSS: 0.003 (Low), percentile 68.7%

Overview

Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.

Description

CWE-259: Use of Hard-coded Password - CVE-2015-2904

Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that allow anyone who can reach the web administration interface to log in with root privileges.

CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2905

Actiontec GT784WN Wireless N DSL Modem contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in combination with hard-coded credentials, an attacker can reliably establish an active session as part of an attack and therefore does not require a victim to be logged in.

The CVSS score below describes CVE-2015-2904.
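The chain described above (log the victim's browser in with the hard-coded account, then fire the state-changing request) is easy to misjudge without seeing it run. The following is an added example, not code from the advisory or from Actiontec's firmware: a simulated admin interface with the "global CSRF" behaviour beside a hardened variant, a cookie-jar model of the victim's browser, and the attacker chain. `HARD_CODED_ACCOUNTS`, `DEVICE_ORIGIN`, `ATTACKER_ORIGIN`, the `/login`, `/csrf-token` and `/config` paths and the `remote_admin` setting are all assumptions chosen for the demonstration; the real GT784WN credentials are not published in the note and are not reproduced here.

```python
import hmac
import secrets

# Placeholder for the device's hard-coded account (assumption; the real
# GT784WN credentials are not given in the advisory and are not used here).
HARD_CODED_ACCOUNTS = {"admin": "placeholder-password"}
DEVICE_ORIGIN = "http://192.168.0.1"          # modem's LAN address (assumption)
ATTACKER_ORIGIN = "http://attacker.example"   # page the victim is lured to (constructed)


class Response:
    def __init__(self, status, set_cookie=None, body=None):
        self.status = status
        self.set_cookie = set_cookie or {}
        self.body = body or {}


class AdminInterface:
    """Minimal model of a modem web admin interface.

    csrf_protected=False reproduces a 'global CSRF': every state-changing POST
    is accepted on the strength of the session cookie alone.
    csrf_protected=True adds an Origin check on every POST (including /login,
    which is what breaks the login-CSRF chain) and a per-session synchronizer
    token on every authenticated POST.
    """

    def __init__(self, csrf_protected):
        self.csrf_protected = csrf_protected
        self.sessions = {}                     # session id -> {"user", "csrf"}
        self.config = {"remote_admin": False}  # WAN-side admin off by default

    def handle(self, method, path, origin, cookies=None, form=None):
        cookies, form = cookies or {}, form or {}
        if self.csrf_protected and method == "POST" and origin != DEVICE_ORIGIN:
            return Response(403, body={"error": "cross-origin POST rejected"})

        if path == "/login" and method == "POST":
            user, pw = form.get("user"), form.get("password") or ""
            if user in HARD_CODED_ACCOUNTS and hmac.compare_digest(pw, HARD_CODED_ACCOUNTS[user]):
                sid = secrets.token_hex(16)
                self.sessions[sid] = {"user": user, "csrf": secrets.token_hex(16)}
                return Response(200, set_cookie={"SID": sid})
            return Response(401)

        session = self.sessions.get(cookies.get("SID"))
        if session is None:
            return Response(401)
        if path == "/csrf-token" and method == "GET":
            return Response(200, body={"csrf": session["csrf"]})
        if path == "/config" and method == "POST":
            if self.csrf_protected and not hmac.compare_digest(form.get("csrf", ""), session["csrf"]):
                return Response(403, body={"error": "missing or wrong CSRF token"})
            self.config["remote_admin"] = form.get("remote_admin") == "1"
            return Response(200)
        return Response(404)


class Browser:
    """One victim browser: attaches its cookies to every request to the device,
    regardless of which page (origin) issued the request."""

    def __init__(self):
        self.cookies = {}

    def submit(self, device, method, path, origin, form=None):
        resp = device.handle(method, path, origin, cookies=dict(self.cookies), form=form)
        self.cookies.update(resp.set_cookie)
        return resp


def attacker_chain(device):
    """An attacker page first logs the victim's browser in with the hard-coded
    account (so no pre-existing session is needed), then fires the
    state-changing request. Returns the resulting remote_admin setting."""
    victim = Browser()
    victim.submit(device, "POST", "/login", ATTACKER_ORIGIN,
                  form={"user": "admin", "password": "placeholder-password"})
    victim.submit(device, "POST", "/config", ATTACKER_ORIGIN, form={"remote_admin": "1"})
    return device.config["remote_admin"]


def legitimate_change(device):
    """Same-origin flow carrying the token: the hardened interface stays usable."""
    admin = Browser()
    admin.submit(device, "POST", "/login", DEVICE_ORIGIN,
                 form={"user": "admin", "password": "placeholder-password"})
    token = admin.submit(device, "GET", "/csrf-token", DEVICE_ORIGIN).body["csrf"]
    admin.submit(device, "POST", "/config", DEVICE_ORIGIN,
                 form={"remote_admin": "1", "csrf": token})
    return device.config["remote_admin"]


if __name__ == "__main__":
    print("vulnerable device, attacker chain  ->", attacker_chain(AdminInterface(False)))
    print("hardened device, attacker chain    ->", attacker_chain(AdminInterface(True)))
    print("hardened device, legitimate change ->", legitimate_change(AdminInterface(True)))
```

Two caveats on the hardened variant. The Origin check is what stops the login step, because a pre-login request has no session to bind a token to; browsers that omit the Origin header would need a Referer fallback or a pre-session token. And none of this removes the hard-coded account itself: the request-layer checks only stop a third party's browser from being used as the attacker's proxy, while an attacker with direct network access to the interface still logs in with the known credentials, which is why the vendor fix has to remove them from the firmware.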


Impact

A remote, unauthenticated attacker who can induce a victim into loading a malicious page may perform actions on the web administration interface with the victim's privileges (CVE-2015-2905). An attacker with network access to the web administration interface can log in with the hard-coded credentials and take complete control of the device (CVE-2015-2904); combined with the CSRF, that attacker can also establish the session from the victim's browser, so no existing login is required.


Solution

Apply an update

Actiontec has released NCS01-1.0.13 to address these vulnerabilities. Users are encouraged to update their firmware to the latest release.


Vendor Information


Actiontec: Affected

Notified: July 13, 2015   Updated: August 10, 2015   Statement Date: August 06, 2015

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Actiontec GT784WN Wireless N DSL Modem is affected.

If you have feedback, comments, or additional information about this vulnerability, please send us email (subject: VU#335192 Feedback).

CVSS Metrics

Group Score Vector
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal 6.5 E:POC/RL:OF/RC:C
Environmental 4.9 CDP:N/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

These vulnerabilities were reported by Joel Land of the CERT/CC.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2015-2904, CVE-2015-2905
Date Public: 2015-08-11
Date First Published:
