VYPR
Unrated severityNVD Advisory· Published Jun 18, 2024· Updated Aug 1, 2024

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability

CVE-2024-6145

Description

Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the HTTP server. A crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21417.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Actiontec/WCB6200Qllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: 1.2L.03.5

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.