CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device.
References
Link Resource
http://seclists.org/fulldisclosure/2019/Jun/10 Exploit Mailing List Third Party Advisory
https://www.actiontec.com/blog/ Third Party Advisory
http://seclists.org/fulldisclosure/2019/Jun/10 Exploit Mailing List Third Party Advisory
https://www.actiontec.com/blog/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:actiontec:t2200h_firmware:t2200h-31.1238l.08:*:*:*:*:*:*:*
cpe:2.3:h:actiontec:t2200h:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:23

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2019/Jun/10 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2019/Jun/10 - Exploit, Mailing List, Third Party Advisory
References () https://www.actiontec.com/blog/ - Third Party Advisory () https://www.actiontec.com/blog/ - Third Party Advisory

Information

Published : 2019-06-17 17:15

Updated : 2024-11-21 04:23


NVD link : CVE-2019-12789

Mitre link : CVE-2019-12789

CVE.ORG link : CVE-2019-12789


JSON object : View

Products Affected

actiontec

  • t2200h_firmware
  • t2200h