Actiontec
Products
7- 6 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
16| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-15553 | Hig | 0.57 | 8.8 | 0.02 | Aug 20, 2018 | fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field. | ||
| CVE-2018-10252 | Hig | 0.53 | 8.1 | 0.01 | May 14, 2018 | An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web… | ||
| CVE-2013-0126 | 0.03 | — | 0.03 | Mar 21, 2013 | Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the… | |||
| CVE-2024-6146 | 0.00 | — | 0.01 | Jun 18, 2024 | Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required… | |||
| CVE-2024-6145 | 0.00 | — | 0.01 | Jun 18, 2024 | Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2024-6144 | 0.00 | — | 0.01 | Jun 18, 2024 | Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to… | |||
| CVE-2024-6143 | 0.00 | — | 0.01 | Jun 18, 2024 | Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this… | |||
| CVE-2024-6142 | 0.00 | — | 0.01 | Jun 18, 2024 | Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this… | |||
| CVE-2013-3097 | 0.00 | — | 0.01 | Nov 13, 2019 | Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. | |||
| CVE-2018-15555 | 0.00 | — | 0.03 | Jun 28, 2019 | On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers. | |||
| CVE-2018-15556 | 0.00 | — | 0.03 | Jun 27, 2019 | The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers. | |||
| CVE-2018-15557 | 0.00 | — | 0.03 | Jun 27, 2019 | An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. | |||
| CVE-2019-12789 | 0.00 | — | 0.01 | Jun 17, 2019 | An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root… | |||
| CVE-2018-19922 | 0.00 | — | 0.01 | Dec 6, 2018 | Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary… | |||
| CVE-2015-2905 | 0.00 | — | 0.01 | Aug 23, 2015 | Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. | |||
| CVE-2015-2904 | 0.00 | — | 0.01 | Aug 23, 2015 | Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. |
- risk 0.57cvss 8.8epss 0.02
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
- risk 0.53cvss 8.1epss 0.01
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web…
- CVE-2013-0126Mar 21, 2013risk 0.03cvss —epss 0.03
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the…
- CVE-2024-6146Jun 18, 2024risk 0.00cvss —epss 0.01
Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required…
- CVE-2024-6145Jun 18, 2024risk 0.00cvss —epss 0.01
Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The…
- CVE-2024-6144Jun 18, 2024risk 0.00cvss —epss 0.01
Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to…
- CVE-2024-6143Jun 18, 2024risk 0.00cvss —epss 0.01
Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…
- CVE-2024-6142Jun 18, 2024risk 0.00cvss —epss 0.01
Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…
- CVE-2013-3097Nov 13, 2019risk 0.00cvss —epss 0.01
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.
- CVE-2018-15555Jun 28, 2019risk 0.00cvss —epss 0.03
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
- CVE-2018-15556Jun 27, 2019risk 0.00cvss —epss 0.03
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
- CVE-2018-15557Jun 27, 2019risk 0.00cvss —epss 0.03
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat.
- CVE-2019-12789Jun 17, 2019risk 0.00cvss —epss 0.01
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root…
- CVE-2018-19922Dec 6, 2018risk 0.00cvss —epss 0.01
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary…
- CVE-2015-2905Aug 23, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.
- CVE-2015-2904Aug 23, 2015risk 0.00cvss —epss 0.01
Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.