Vulnerability Details CVE-2018-15555
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Jun/1
- http://seclists.org/fulldisclosure/2019/Jun/1
- http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2019/Jun/1
- http://seclists.org/fulldisclosure/2019/Jun/1
Products affected by CVE-2018-15555
-
cpe:2.3:h:actiontec:web6000q:-
-
cpe:2.3:o:actiontec:web6000q_firmware:1.1.02.22