Lucene search
K

83 matches found

Prion
Prion
added 2019/06/27 5:15 p.m.14 views

Code injection

An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...

10CVSS8.5AI score0.03258EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/06/27 4:55 p.m.86 views

CVE-2018-15556

CVE-2018-15556 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q (firmware v1.1.02.22). An attacker can log in as root with an empty password via the onboard UART headers, enabling full shell access. Public PoC material exists (PacketStorm/full disclosure) describing UART-based pr...

10CVSS9.5AI score0.03258EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/06/27 4:55 p.m.36 views

CVE-2018-15556

The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers...

9.6AI score0.03258EPSS
Exploits2References2
Cvelist
Cvelist
added 2019/06/27 4:52 p.m.22 views

CVE-2018-15557

An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...

8.7AI score0.03258EPSS
Exploits2References2
CVE
CVE
added 2019/06/27 4:52 p.m.74 views

CVE-2018-15557

CVE-2018-15557 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q devices (firmware v1.1.02.22). The issue allows an attacker with access to the 169.254.1.0/24 link-local subnet to obtain root by connecting to 169.254.1.2 on TCP port 23 (telnet/netcat). Documents corroborate a priv...

10CVSS8.5AI score0.03258EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2019/06/17 5:15 p.m.25 views

Code injection

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

7.2CVSS6.7AI score0.00574EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/06/17 4:19 p.m.36 views

CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

6.7AI score0.00574EPSS
Exploits2References2
CVE
CVE
added 2019/06/17 4:19 p.m.78 views

CVE-2019-12789

CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...

7.2CVSS6.7AI score0.00574EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2019/06/13 12:0 a.m.4 views

Telus Actiontec WEB6000Q Elevation of Privilege Vulnerability

The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...

10CVSS6.9AI score0.02974EPSS
Exploits1References1
CNVD
CNVD
added 2019/06/13 12:0 a.m.3 views

Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39178)

The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...

10CVSS6.9AI score0.03258EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.270 views

Telus Actiontec T2200H Local Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept...

0.5AI score0.00574EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.463 views

Telus Actiontec WEB6000Q Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: CVE-2018-15555 Main OS CVE: CVE-2018-15556 Quantenna OS Summary of Findings Both “main”...

1AI score0.03258EPSS
Exploits3
CNVD
CNVD
added 2019/06/12 12:0 a.m.2 views

Telus Actiontec T2200H Local Elevation of Privilege Vulnerability

The Actiontec Electronics T2200H is a modem from Actiontec Electronics, USA. A security vulnerability exists in the Actiontec Electronics T2200H T2200H-31.128L.08 release. The vulnerability can be exploited by an attacker to obtain a shell with root privileges to permanently modify the device,...

7.2CVSS7.2AI score0.00574EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.192 views

Telus Actiontec T2200H Serial Number Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept 2018 CVE: Not needed...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.320 views

Telus Actiontec T2200H WiFi Credential Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but very likely affecting other models of theirs Affected Firmware: T2200H-31.128L.08 Device Manual:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.130 views

Telus Actiontec WEB6000Q Serial Number Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: Sept 2018 CVE: Not needed since update is pushed by the provider. Summary of...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.196 views

Telus Actiontec WEB6000Q Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: Not needed since update is pushed by the provider. Summary of Findings By querying CGI...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/08/21 12:0 a.m.3 views

Telus Actiontec T2200H Command Injection Vulnerability

The Telus Actiontec T2200H is a modem device from Telus USA. A command injection vulnerability exists in the fileshare.cmd file in the Telus Actiontec T2200H using firmware version T2200H-31.128L.03. An attacker can exploit this vulnerability to inject operating system commands with the help of...

9CVSS9.1AI score0.02244EPSS
Exploits0References1
OSV
OSV
added 2018/08/20 12:29 a.m.3 views

CVE-2018-15553

fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field...

8.8CVSS5.8AI score0.02244EPSS
Exploits0References1
Prion
Prion
added 2018/08/20 12:29 a.m.13 views

Command injection

fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field...

9CVSS9AI score0.02244EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder