Vulnerabilities > Actiontec

DATE CVE VULNERABILITY TITLE RISK
2019-11-13 CVE-2013-3097 Cross-site Scripting vulnerability in Actiontec Mi424Wr-Gen3I Firmware
Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router.
network
actiontec CWE-79
4.3
2019-06-28 CVE-2018-15555 Improper Synchronization vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
network
low complexity
actiontec CWE-662
critical
10.0
2019-06-27 CVE-2018-15557 Improper Privilege Management vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices.
network
low complexity
actiontec CWE-269
critical
10.0
2019-06-27 CVE-2018-15556 Improper Authentication vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
network
low complexity
actiontec CWE-287
critical
10.0
2019-06-17 CVE-2019-12789 Unspecified vulnerability in Actiontec T2200H Firmware T2200H31.1238L.08
An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus.
local
low complexity
actiontec
7.2
2018-12-06 CVE-2018-19922 Cross-site Scripting vulnerability in Actiontec C1000A Firmware
Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request.
network
actiontec CWE-79
4.3
2018-05-14 CVE-2018-10252 Session Fixation vulnerability in Actiontec Wcb6200Q Firmware
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices.
network
actiontec CWE-384
6.8
2015-08-23 CVE-2015-2905 Cross-Site Request Forgery (CSRF) vulnerability in Actiontec Ncs01 Firmware
Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrary users.
network
actiontec CWE-352
6.8
2015-08-23 CVE-2015-2904 Unspecified vulnerability in Actiontec Ncs01 Firmware
Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface.
low complexity
actiontec
8.3