Lucene search

[email protected]CVE-2015-2904

HistoryAug 23, 2015 - 9:59 p.m.

CVE-2015-2904

2015-08-2321:59:00

[email protected]

web.nvd.nist.gov

cve-2015-2904

actiontec gt784wn

firmware

hardcoded credentials

remote attack

root access

nvd

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.

Affected configurations

NVD

Node

actiontec_ncs01_firmwareRange≤1.0.12

AND

actiontecgt784wn_wireless_n_dsl_modemMatch-

CPENameOperatorVersion
actiontec:ncs01_firmwareactiontec ncs01 firmwarele1.0.12

CPE	Name	Operator	Version
actiontec:ncs01_firmware	actiontec ncs01 firmware	le	1.0.12

References

www.kb.cert.org/vuls/id/335192

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2015-2904

cvelist1 prion1 nvd1 cert1