Vulnerabilities > CVE-2015-2904 - Unspecified vulnerability in Actiontec Ncs01 Firmware

CVSS 8.3 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

low complexity

actiontec

NVD

Published: 2015-08-23

Updated: 2015-08-24

Summary

Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. <a href="http://cwe.mitre.org/data/definitions/798.html" target="_blank">CWE-798: Use of Hard-coded Credentials</a>

Vulnerable Configurations

Part	Description	Count
OS	Actiontec Actiontec Ncs01 Firmware *	1
Hardware	Actiontec Actiontec Gt784Wn Wireless N DSL Modem -	1

References

http://www.kb.cert.org/vuls/id/335192