CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19922
https://notcve.org/view.php?id=CVE-2018-19922
06 Dec 2018 — Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. Cross-Site Scripting (XSS) persistente en la página Website Blocking en advancedsetup_websiteblocking.html del router Actiontec C1000A con firmware hasta la versi... • https://github.com/logern5/c1000a_xss/blob/master/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10252
https://notcve.org/view.php?id=CVE-2018-10252
14 May 2018 — An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and c... • https://actiontecsupport.zendesk.com/hc/en-us/articles/115000432163-WCB6200Q-Firmware-Upgrade • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2904
https://notcve.org/view.php?id=CVE-2015-2904
23 Aug 2015 — Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. Vulnerabilidad en módems Actiontec GT784WN con firmware anterior a NCS01-1.0.13, tienen credenciales embebidos, lo que hace que sea más fácil para atacantes remotos obtener acceso root mediante la conexión a la interfaz web de administración. • http://www.kb.cert.org/vuls/id/335192 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2905
https://notcve.org/view.php?id=CVE-2015-2905
23 Aug 2015 — Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users. Vulnerabilidad CSRF en módems Actiontec GT784WN con firmware anterior a NCS01-1-0-13, permite a atacantes remotos secuestrar la autenticación o la conectividad a la intranet de usuarios arbitrarios. • http://www.kb.cert.org/vuls/id/335192 • CWE-352: Cross-Site Request Forgery (CSRF) •