CVE-2019-12789 – Telus Actiontec T2200H Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2019-12789

12 Jun 2019 — An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing ... • https://packetstorm.news/files/id/153271 •