VYPR
Vendor

Actiontec

Products
7
CVEs
16
Across products
18
Status
Private

Products

7

Recent CVEs

16
  • CVE-2018-15553HigAug 20, 2018
    risk 0.57cvss 8.8epss 0.02

    fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.

  • CVE-2018-10252HigMay 14, 2018
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web…

  • CVE-2013-0126Mar 21, 2013
    risk 0.03cvss epss 0.03

    Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the…

  • CVE-2024-6146Jun 18, 2024
    risk 0.00cvss epss 0.01

    Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required…

  • CVE-2024-6145Jun 18, 2024
    risk 0.00cvss epss 0.01

    Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2024-6144Jun 18, 2024
    risk 0.00cvss epss 0.01

    Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to…

  • CVE-2024-6143Jun 18, 2024
    risk 0.00cvss epss 0.01

    Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…

  • CVE-2024-6142Jun 18, 2024
    risk 0.00cvss epss 0.01

    Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…

  • CVE-2013-3097Nov 13, 2019
    risk 0.00cvss epss 0.01

    Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.

  • CVE-2018-15555Jun 28, 2019
    risk 0.00cvss epss 0.03

    On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.

  • CVE-2018-15556Jun 27, 2019
    risk 0.00cvss epss 0.03

    The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.

  • CVE-2018-15557Jun 27, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat.

  • CVE-2019-12789Jun 17, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root…

  • CVE-2018-19922Dec 6, 2018
    risk 0.00cvss epss 0.01

    Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary…

  • CVE-2015-2905Aug 23, 2015
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.

  • CVE-2015-2904Aug 23, 2015
    risk 0.00cvss epss 0.01

    Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.