The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2019/Jun/1 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2019-06-27 17:15
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15556
Mitre link : CVE-2018-15556
CVE.ORG link : CVE-2018-15556
JSON object : View
Products Affected
actiontec
- web6000q
- web6000q_firmware
CWE
CWE-287
Improper Authentication