Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Actiontec Security Vulnerabilities

cve
cve

CVE-2013-3097

Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I...

6.1CVSS

6.4AI Score

0.005EPSS

2019-11-13 10:15 PM
23
cve
cve

CVE-2018-15555

On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART...

9.8CVSS

7AI Score

0.006EPSS

2019-06-28 03:15 PM
28
cve
cve

CVE-2018-15556

The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART...

9.8CVSS

7AI Score

0.179EPSS

2019-06-27 05:15 PM
42
cve
cve

CVE-2018-15557

An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with...

8.8CVSS

6.7AI Score

0.006EPSS

2019-06-27 05:15 PM
39
cve
cve

CVE-2019-12789

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-) to obtain a shell with root privileges. After gaining root access, the attacker can...

6.8CVSS

7AI Score

0.001EPSS

2019-06-17 05:15 PM
42
cve
cve

CVE-2018-19922

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the...

6.1CVSS

6.6AI Score

0.001EPSS

2018-12-06 10:29 PM
18
cve
cve

CVE-2018-10252

An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its...

8.1CVSS

7.4AI Score

0.002EPSS

2018-05-14 02:29 PM
22
cve
cve

CVE-2015-2904

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration...

7AI Score

0.003EPSS

2015-08-23 09:59 PM
22
cve
cve

CVE-2015-2905

Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary...

7.6AI Score

0.001EPSS

2015-08-23 09:59 PM
24