CVE-2013-3097
https://notcve.org/view.php?id=CVE-2013-3097
Unspecified cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. • http://www.securityfocus.com/bid/59479 https://exchange.xforce.ibmcloud.com/vulnerabilities/83785 https://www.ise.io/casestudies/exploiting-soho-routers https://www.ise.io/soho_service_hacks • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12789 – Telus Actiontec T2200H Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-12789
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device. • http://seclists.org/fulldisclosure/2019/Jun/10 https://www.actiontec.com/blog
CVE-2018-15557 – Telus Actiontec WEB6000Q Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15557
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities. • http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Jun/2 • CWE-269: Improper Privilege Management
CVE-2018-15555 – Telus Actiontec WEB6000Q Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15555
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can log in with root-level access with the user "root" and password "admin" by using the enabled onboard UART headers. Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities. • http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Jun/1 • CWE-662: Improper Synchronization
CVE-2018-15556 – Telus Actiontec WEB6000Q Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-15556
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root-level access with the user "root" and an empty password by using the enabled onboard UART headers. Telus Actiontec WEB6000Q with firmware 1.1.02.22 suffers from both local and remote privilege escalation vulnerabilities. • http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html http://seclists.org/fulldisclosure/2019/Jun/1 • CWE-287: Improper Authentication