Lucene search
K

136 matches found

CVE
CVE
added 2019/06/27 4:52 p.m.73 views

CVE-2018-15557

CVE-2018-15557 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q devices (firmware v1.1.02.22). The issue allows an attacker with access to the 169.254.1.0/24 link-local subnet to obtain root by connecting to 169.254.1.2 on TCP port 23 (telnet/netcat). Documents corroborate a priv...

10CVSS8.5AI score0.03258EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2019/06/17 5:15 p.m.4 views

CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

6.8CVSS6.8AI score0.00574EPSS
Exploits2References2
NVD
NVD
added 2019/06/17 5:15 p.m.14 views

CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

7.2CVSS6.7AI score0.00574EPSS
Exploits2References2
Prion
Prion
added 2019/06/17 5:15 p.m.25 views

Code injection

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence Ctrl-\ to obtain a shell with root privileges. After gaining root access, the attacker can...

7.2CVSS6.7AI score0.00574EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/06/17 4:19 p.m.77 views

CVE-2019-12789

CVE-2019-12789 affects the Actiontec/Telus T2200H devices (T2200H-31.128L.08). By attaching a UART adapter to system-board UART pins and issuing the key sequence Ctrl-, an attacker can obtain a root shell. This permits mounting the filesystem read-write and making permanent modifications, includi...

7.2CVSS6.7AI score0.00574EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2019/06/13 12:0 a.m.2 views

Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39179)

The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Actiontec WEB6000Q version 1.1.02.22. The vulnerability can be exploited to gain root access by connecting to port 23 of host 169.254.1.2 using telnet/netcat...

10CVSS7.1AI score0.03258EPSS
Exploits2References1
CNVD
CNVD
added 2019/06/13 12:0 a.m.3 views

Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39178)

The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...

10CVSS6.9AI score0.03258EPSS
Exploits2References1
CNVD
CNVD
added 2019/06/13 12:0 a.m.4 views

Telus Actiontec WEB6000Q Elevation of Privilege Vulnerability

The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...

10CVSS6.9AI score0.02974EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.194 views

Telus Actiontec WEB6000Q Denial Of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: Not needed since update is pushed by the provider. Summary of Findings By querying CGI...

7.4AI score
Exploits0
CNVD
CNVD
added 2019/06/12 12:0 a.m.2 views

Telus Actiontec T2200H Local Elevation of Privilege Vulnerability

The Actiontec Electronics T2200H is a modem from Actiontec Electronics, USA. A security vulnerability exists in the Actiontec Electronics T2200H T2200H-31.128L.08 release. The vulnerability can be exploited by an attacker to obtain a shell with root privileges to permanently modify the device,...

7.2CVSS7.2AI score0.00574EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.269 views

Telus Actiontec T2200H Local Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept...

0.5AI score0.00574EPSS
Exploits2
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.192 views

Telus Actiontec T2200H Serial Number Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H Affected Firmware: T2200H-31.128L.08 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanu al.pdf Reported: Sept 2018 CVE: Not needed...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.320 views

Telus Actiontec T2200H WiFi Credential Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but very likely affecting other models of theirs Affected Firmware: T2200H-31.128L.08 Device Manual:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.130 views

Telus Actiontec WEB6000Q Serial Number Information Disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded, but may work on others Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: Sept 2018 CVE: Not needed since update is pushed by the provider. Summary of...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/06/12 12:0 a.m.462 views

Telus Actiontec WEB6000Q Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Device Details Discovered By: Andrew Klaus [email protected] Vendor: Actiontec Telus Branded Model: WEB6000Q Affected Firmware: 1.1.02.22 Reported: July 2018 CVE: CVE-2018-15555 Main OS CVE: CVE-2018-15556 Quantenna OS Summary of Findings Both “main”...

1AI score0.03258EPSS
Exploits3
OSV
OSV
added 2018/12/06 10:29 p.m.4 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6.1CVSS6AI score0.0083EPSS
Exploits1References1
NVD
NVD
added 2018/12/06 10:29 p.m.19 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6.1CVSS5.9AI score0.0083EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/06 10:0 p.m.20 views

CVE-2018-19922

Persistent Cross-Site Scripting XSS in the advancedsetupwebsiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd...

6AI score0.0083EPSS
Exploits1References1
CVE
CVE
added 2018/12/06 10:0 p.m.37 views

CVE-2018-19922

The CVE-2018-19922 entry describes a Persistent Cross-Site Scripting (XSS) in the Actiontec C1000A router: the advancedsetup_websiteblocking.html Website Blocking page is vulnerable due to improper handling of the TodUrlAdd parameter in a /urlfilter.cmd POST request. This allows a remote attacker...

6.1CVSS5.9AI score0.0083EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/08/21 12:0 a.m.2 views

Telus Actiontec T2200H Command Injection Vulnerability

The Telus Actiontec T2200H is a modem device from Telus USA. A command injection vulnerability exists in the fileshare.cmd file in the Telus Actiontec T2200H using firmware version T2200H-31.128L.03. An attacker can exploit this vulnerability to inject operating system commands with the help of...

9CVSS9.1AI score0.02244EPSS
Exploits0References1
Rows per page
Query Builder