Lucene search
+L

11 matches found

redhatcve
redhatcve
added 2026/01/09 11:58 a.m.7 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6.1CVSS6AI score0.0083EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-11594

Malware in sbrugna...

6.1CVSS6.3AI score0.0083EPSS
Exploits1References2
nvd
nvd
added 2018/12/06 10:29 p.m.20 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6.1CVSS5.9AI score0.0083EPSS
Exploits1References1
osv
osv
added 2018/12/06 10:29 p.m.6 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6.1CVSS6AI score0.0083EPSS
Exploits1References1
cvelist
cvelist
added 2018/12/06 10:0 p.m.21 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6AI score0.0083EPSS
Exploits1References1
cve
cve
added 2018/12/06 10:0 p.m.39 views

CVE-2018-19922

The CVE-2018-19922 entry describes a Persistent Cross-Site Scripting (XSS) in the Actiontec C1000A router: the advancedsetup_websiteblocking.html Website Blocking page is vulnerable due to improper handling of the TodUrlAdd parameter in a /urlfilter.cmd POST request. This allows a remote attacker...

6.1CVSS5.9AI score0.0083EPSS
Exploits1References1Affected Software1
zdt
zdt
added 2017/11/06 12:0 a.m.32 views

Actiontec C1000A Modem - Backdoor Account Vulnerability

Exploit for hardware platform in category remote exploits Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86...

7.1AI score
Exploits0
openvas
openvas
added 2017/11/06 12:0 a.m.403 views

Actiontec C1000A Modem Backup Account (Telnet)

The Actiontec C1000A modem has a backdoor account with hardcoded credentials. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3AI score
Exploits0References1
exploitpack
exploitpack
added 2017/11/04 12:0 a.m.25 views

Actiontec C1000A Modem - Backdoor Account

Actiontec C1000A Modem - Backdoor Account Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86 Tested on: Linu...

0.5AI score
Exploits0
exploitdb
exploitdb
added 2017/11/04 12:0 a.m.38 views

Actiontec C1000A Modem - Backdoor Account

Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86 Tested on: Linux CVE : NA The Actiontec C1000A Modem...

7.4AI score
Exploits0
zdt
zdt
added 2015/09/25 12:0 a.m.59 views

ActionTec C1000A Modem/Router XSS and arbitrary CSRF Vulnerabilities

This moden and router, like most, is a sea filled with CSRF and XSS exploits. If the user is logged in to the modem say, an administrator, a specific link can be crafted to execute arbitrary web UI commands. The addition of the XSS is really just a bonus allowing for more complex vectors. The...

7AI score
Exploits0
Rows per page
Query Builder