VAR-201906-0825
Vulnerability from variot - Updated: 2024-11-23 22:11An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. Telus Actiontec WEB6000Q Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Actiontec WEB6000Q is a wireless extender from American Actiontec. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Device Details
Discovered By: Andrew Klaus (andrew@aklaus.ca) Vendor: Actiontec (Telus Branded) Model: WEB6000Q Affected Firmware: 1.1.02.22
Reported: July 2018 CVE: CVE-2018-15555 (Main OS) CVE: CVE-2018-15556 (Quantenna OS)
Summary of Findings
Both “main” and “quantenna” have a UART header on the motherboard and each of them provide full shell + bootloader access.
While the main OS has the credentials user: root pass: admin, the quantenna environment can be accessed with user: root with an empty password.
I used a Raspberry Pi to interface with the UART header, but there are USB UART adapters to do the same thing.
Once root access is obtained, TR-069 Updating can be fully disabled, preventing the vendor from pushing updates to the device.
Proof of Concept
Hooking up a Raspberry Pi's UART GPIO header to either UART header on the modem will give a login prompt. root/admin or root/(nopass) depending on which modem header connected to.
Enabling SSH daemon on Main OS
After retrieving a root shell on the main OS over UART, SSH can be enabled by running the following:
cli -s Device.X_ACTIONTEC_COM_RemoteLogin.Enable int 1
iptables -A INPUT -p tcp --dport 22 -j ACCEPT dropbear -p 22 -I 1800 &
$ ssh 192.168.1.2 -l admin -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@192.168.1.2's password:
BusyBox v1.17.2 (2016-02-03 21:34:18 PST) built-in shell (ash) Enter 'help' for a list of built-in commands.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/rRUDraOzqmrp8tZoyRid8jQfpkFAlz9T5sACgkQoyRid8jQ fpnL1BAAi+Bu1xcK9thQ0AHqamY7DZ4qkP3dhFVUtW5q3hoJ4T3GOLTj/9RJLaOI J9FMvSMNAnTKtBcbTx4uvokRAbGLZEUPG1uk0Qu9wmC8tPliU0qHTCfU0vF2dFCI rrhmpaJhu4Y/AEIpjZXg1/5p5hIAQn5DfNUwu6p5VbDlRbktu5UELcFtvgnVi7Jq MUmNvPjbbxwfWlopb3kXASOh1SFLwe77AwmQmLQtIDknAyf2Ri9xfpf2wMGPqDTp WH3SzNCE+HkpHH8omSgnX+yA51KeGipUXWao3UnGvqdHp02TFz5OZIHhgzLk2AfX 6k78qy44DMegaUld9KQeW4OeVESxQqVu9goIjbRMIIlLKRsvz1BwTM+wBu74z2vU O8i1mzAPqloc8iIoIzLiu1dGzYTii4et6YMTq5GJiXL3PCTOJ8MR1/mxeebQwn9h ebsmkn0I06ruR37apz0WGBx0p7t158Pjzc954JoMLubQO8Isk/2G02wcekLLXjVj P2jxoJlnRplum7pKNQbfhAJ6VrGiyB9HY6VAarseqZzFLYJiL6u15EooKScVAg/0 ogZz/3G4m8yVZ37nnz64GNqZu/i18IRoPRGGfeYN/smKFhsKNtbw1JSWHk6VPTbN jlJLOXvQ9149zFlmJJHCxKiQ3FHvghgfgoi9W5J0Lg4Q+lqIriU= =POu3 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Device Details
Discovered By: Andrew Klaus (andrew@aklaus.ca) Vendor: Actiontec (Telus Branded) Model: WEB6000Q Affected Firmware: 1.1.02.22
Reported: July 2018 CVE: CVE-2018-15557
Summary of Findings
Two instances of Linux run on the WEB6000Q. One is the “main” instance that runs the web management server, TR-069 daemon, etc., while the other is the "quantenna" management OS used to manage the wireless.
By hardcoding an IP address in the 169.254.1.0/24 network, and being on the same layer 2 network, root telnet access can be obtained on the "quantenna" management environment by accessing:
Host: 169.254.1.2 Port: 23 Login: root (no password prompted)
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE/rRUDraOzqmrp8tZoyRid8jQfpkFAlz9T9cACgkQoyRid8jQ fpmyiw/+IOKANwITYMPOlXmvq4cY2ma8n5ckyeaLs2sEMTUM4OLg9Fnv7bqHxRs9 ++/sU7QPPjtMVhGIoehWqJgQp96zIV/x/JDxNlVvHn2IbYtOgSQOJ0uCxDvU7Tf5 khAmBtUSHMDq5qBlmPZxOUHnEEDjdx38OBt11Z9/yrSso5eJaXVsYs2SsEuLCzOq xH0VXi278VSx0mDVsAPT6GvAyYja+S23M49dhW48knQ9yBCt17Lhe1C04vcUNme0 GZQUUHKLBJl03mUgt91/pcRfqN+MlUMyyQiyi7w1fPQpTWONIArUM26XV+P9oLNu T08sh1vaAdaXim1AHpSURXX24TEsIYLW0Tb9SQVPMl1UZDcNq0ub9AdoAUuuXBWv nQ3jTCKlosH3GsIau1S3hlI8hoDF3li5e+bwt62JcqhI13pY1ZdcqZ+DHcbSGLN1 PW/CjPJxw05vamYzyZSgqS/FUlflzhboFp2s2/7XG8lBvt+pTQql5aYcxdcaZ1Sq TAGEXC3Kdb4BEQlqWuJNAlZWxeN6fhewb8IPDEJhdUZr2rGF9/1rmd3FlbwC6K2u 10o0lGrXVZ3hDnewwrBFNjLgvUj/nUtVlElkk1x/rsQnqDtnuKC4sS6xq9VO27Yo tW4gSB5LSjUcMVJyc0YbLjtYtd0mYem7l0dHjpnuqXst94GrHlk= =KDej -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0825",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web6000q",
"scope": "eq",
"trust": 2.4,
"vendor": "actiontec",
"version": "1.1.02.22"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:actiontec:web6000q_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrew Klaus",
"sources": [
{
"db": "PACKETSTORM",
"id": "153262"
}
],
"trust": 0.1
},
"cve": "CVE-2018-15557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-15557",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39179",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-125828",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-15557",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-15557",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-15557",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-39179",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1056",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125828",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15557",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat. Telus Actiontec WEB6000Q Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Actiontec WEB6000Q is a wireless extender from American Actiontec. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n### Device Details\nDiscovered By: Andrew Klaus (andrew@aklaus.ca)\nVendor: Actiontec (Telus Branded)\nModel: WEB6000Q\nAffected Firmware: 1.1.02.22\n\nReported: July 2018\nCVE: CVE-2018-15555 (Main OS)\nCVE: CVE-2018-15556 (Quantenna OS)\n\n\n### Summary of Findings\n\nBoth \u201cmain\u201d and \u201cquantenna\u201d have a UART header on the motherboard and\neach of them provide full shell + bootloader access. \n\nWhile the main OS has the credentials user: root pass: admin, the\nquantenna environment can be accessed with user: root with an empty\npassword. \n\nI used a Raspberry Pi to interface with the UART header, but there are\nUSB UART adapters to do the same thing. \n\nOnce root access is obtained, TR-069 Updating can be fully disabled,\npreventing the vendor from pushing updates to the device. \n\n\n### Proof of Concept\n\nHooking up a Raspberry Pi\u0027s UART GPIO header to either UART header on\nthe modem will give a login prompt. root/admin or root/(nopass)\ndepending on which modem header connected to. \n\n\n### Enabling SSH daemon on Main OS\n\nAfter retrieving a root shell on the main OS over UART, SSH can be\nenabled by running the following:\n\n# cli -s Device.X_ACTIONTEC_COM_RemoteLogin.Enable int 1\niptables -A INPUT -p tcp --dport 22 -j ACCEPT\ndropbear -p 22 -I 1800 \u0026\n\n\n$ ssh 192.168.1.2 -l admin -oKexAlgorithms=+diffie-hellman-group1-sha1\nadmin@192.168.1.2\u0027s password:\n\nBusyBox v1.17.2 (2016-02-03 21:34:18 PST) built-in shell (ash)\nEnter \u0027help\u0027 for a list of built-in commands. \n#\n\n\n\n\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEE/rRUDraOzqmrp8tZoyRid8jQfpkFAlz9T5sACgkQoyRid8jQ\nfpnL1BAAi+Bu1xcK9thQ0AHqamY7DZ4qkP3dhFVUtW5q3hoJ4T3GOLTj/9RJLaOI\nJ9FMvSMNAnTKtBcbTx4uvokRAbGLZEUPG1uk0Qu9wmC8tPliU0qHTCfU0vF2dFCI\nrrhmpaJhu4Y/AEIpjZXg1/5p5hIAQn5DfNUwu6p5VbDlRbktu5UELcFtvgnVi7Jq\nMUmNvPjbbxwfWlopb3kXASOh1SFLwe77AwmQmLQtIDknAyf2Ri9xfpf2wMGPqDTp\nWH3SzNCE+HkpHH8omSgnX+yA51KeGipUXWao3UnGvqdHp02TFz5OZIHhgzLk2AfX\n6k78qy44DMegaUld9KQeW4OeVESxQqVu9goIjbRMIIlLKRsvz1BwTM+wBu74z2vU\nO8i1mzAPqloc8iIoIzLiu1dGzYTii4et6YMTq5GJiXL3PCTOJ8MR1/mxeebQwn9h\nebsmkn0I06ruR37apz0WGBx0p7t158Pjzc954JoMLubQO8Isk/2G02wcekLLXjVj\nP2jxoJlnRplum7pKNQbfhAJ6VrGiyB9HY6VAarseqZzFLYJiL6u15EooKScVAg/0\nogZz/3G4m8yVZ37nnz64GNqZu/i18IRoPRGGfeYN/smKFhsKNtbw1JSWHk6VPTbN\njlJLOXvQ9149zFlmJJHCxKiQ3FHvghgfgoi9W5J0Lg4Q+lqIriU=\n=POu3\n-----END PGP SIGNATURE-----\n\n\n\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n### Device Details\nDiscovered By: Andrew Klaus (andrew@aklaus.ca)\nVendor: Actiontec (Telus Branded)\nModel: WEB6000Q\nAffected Firmware: 1.1.02.22\n\nReported: July 2018\nCVE: CVE-2018-15557\n\n\n### Summary of Findings\n\nTwo instances of Linux run on the WEB6000Q. One is the \u201cmain\u201d instance\nthat runs the web management server, TR-069 daemon, etc., while the\nother is the \"quantenna\" management OS used to manage the wireless. \n\nBy hardcoding an IP address in the 169.254.1.0/24 network, and being on\nthe same layer 2 network, root telnet access can be obtained on the\n\"quantenna\" management environment by accessing:\n\nHost: 169.254.1.2\nPort: 23\nLogin: root (no password prompted)\n\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEE/rRUDraOzqmrp8tZoyRid8jQfpkFAlz9T9cACgkQoyRid8jQ\nfpmyiw/+IOKANwITYMPOlXmvq4cY2ma8n5ckyeaLs2sEMTUM4OLg9Fnv7bqHxRs9\n++/sU7QPPjtMVhGIoehWqJgQp96zIV/x/JDxNlVvHn2IbYtOgSQOJ0uCxDvU7Tf5\nkhAmBtUSHMDq5qBlmPZxOUHnEEDjdx38OBt11Z9/yrSso5eJaXVsYs2SsEuLCzOq\nxH0VXi278VSx0mDVsAPT6GvAyYja+S23M49dhW48knQ9yBCt17Lhe1C04vcUNme0\nGZQUUHKLBJl03mUgt91/pcRfqN+MlUMyyQiyi7w1fPQpTWONIArUM26XV+P9oLNu\nT08sh1vaAdaXim1AHpSURXX24TEsIYLW0Tb9SQVPMl1UZDcNq0ub9AdoAUuuXBWv\nnQ3jTCKlosH3GsIau1S3hlI8hoDF3li5e+bwt62JcqhI13pY1ZdcqZ+DHcbSGLN1\nPW/CjPJxw05vamYzyZSgqS/FUlflzhboFp2s2/7XG8lBvt+pTQql5aYcxdcaZ1Sq\nTAGEXC3Kdb4BEQlqWuJNAlZWxeN6fhewb8IPDEJhdUZr2rGF9/1rmd3FlbwC6K2u\n10o0lGrXVZ3hDnewwrBFNjLgvUj/nUtVlElkk1x/rsQnqDtnuKC4sS6xq9VO27Yo\ntW4gSB5LSjUcMVJyc0YbLjtYtd0mYem7l0dHjpnuqXst94GrHlk=\n=KDej\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"db": "PACKETSTORM",
"id": "153262"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "153262",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2018-15557",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1056",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-39179",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-125828",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15557",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "PACKETSTORM",
"id": "153262"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"id": "VAR-201906-0825",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
}
]
},
"last_update_date": "2024-11-23T22:11:59.161000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WEB6000Q",
"trust": 0.8,
"url": "https://www.actiontec.com/products/home-networking/web6000q/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "http://packetstormsecurity.com/files/153262/telus-actiontec-web6000q-privilege-escalation.html"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2019/jun/2"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15557"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15557"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15555"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "PACKETSTORM",
"id": "153262"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"db": "VULHUB",
"id": "VHN-125828"
},
{
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"db": "PACKETSTORM",
"id": "153262"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-125828"
},
{
"date": "2019-06-27T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"date": "2019-06-12T18:39:04",
"db": "PACKETSTORM",
"id": "153262"
},
{
"date": "2019-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"date": "2019-06-27T17:15:11.270000",
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39179"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-125828"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15557"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015777"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1056"
},
{
"date": "2024-11-21T03:51:03.560000",
"db": "NVD",
"id": "CVE-2018-15557"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telus Actiontec WEB6000Q Vulnerabilities related to authorization, authority, and access control in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015777"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1056"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…