136 matches found
CVE-2018-15557
CVE-2018-15557 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q devices (firmware v1.1.02.22). The issue allows an attacker with access to the 169.254.1.0/24 link-local subnet to obtain root by connecting to 169.254.1.2 on TCP port 23 (telnet/netcat). Documents corroborate a priv...
CVE-2019-12789
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...
CVE-2019-12789
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...
Code injection
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...
CVE-2019-12789
CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...
Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39179)
The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Actiontec WEB6000Q version 1.1.02.22. The vulnerability can be exploited to gain root access by connecting to port 23 of host 169.254.1.2 using telnet/netcat...
Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39178)
The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...
Telus Actiontec WEB6000Q Elevation of Privilege Vulnerability
The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...
Telus Actiontec WEB6000Q Denial Of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: Not needed since update is pushed by the provider. Summary of Findings By querying CGI...
Telus Actiontec T2200H Local Elevation of Privilege Vulnerability
The Actiontec Electronics T2200H is a modem from Actiontec Electronics, USA. A security vulnerability exists in the Actiontec Electronics T2200H T2200H-31.128L.08 release. The vulnerability can be exploited by an attacker to obtain a shell with root privileges to permanently modify the device,...
Telus Actiontec T2200H Local Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept...
Telus Actiontec T2200H Serial Number Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept 2018 CVE: Not needed...
Telus Actiontec T2200H WiFi Credential Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but very likely affecting other models of theirs Affected Firmware: T2200H-31.128L.08 Device Manual:...
Telus Actiontec WEB6000Q Serial Number Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: Sept 2018 CVE: Not needed since update is pushed by the provider. Summary of...
Telus Actiontec WEB6000Q Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: CVE-2018-15555 Main OS CVE: CVE-2018-15556 Quantenna OS Summary of Findings Both “main”...
CVE-2018-19922
Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...
CVE-2018-19922
Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...
CVE-2018-19922
Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...
CVE-2018-19922
The CVE-2018-19922 entry describes a Persistent Cross-Site Scripting (XSS) in the Actiontec C1000A router: the advancedsetup_websiteblocking.html Website Blocking page is vulnerable due to improper handling of the TodUrlAdd parameter in a /urlfilter.cmd POST request. This allows a remote attacker...
Telus Actiontec T2200H Command Injection Vulnerability
The Telus Actiontec T2200H is a modem device from Telus USA. A command injection vulnerability exists in the fileshare.cmd file in the Telus Actiontec T2200H using firmware version T2200H-31.128L.03. An attacker can exploit this vulnerability to inject operating system commands with the help of...