CVE-2019-12789 - Unspecified vulnerability in Actiontec T2200H Firmware T2200H31.1238L.08

047910
CVSS 7.2 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
local
low complexity
actiontec

Summary

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device.

Vulnerable Configurations

| Part | Description | Count |
|---|---|---|
| OS | Actiontec | 1 |
| Hardware | Actiontec | 1 |

Packetstorm

data source: https://packetstormsecurity.com/files/download/153271/actiontect2200h-escalate.txt
id: PACKETSTORM:153271
last seen: 2019-06-17
published: 2019-06-12
reporter: Andrew Klaus
source: https://packetstormsecurity.com/files/153271/Telus-Actiontec-T2200H-Local-Privilege-Escalation.html
title: Telus Actiontec T2200H Local Privilege Escalation