Vulnerabilities > Actiontec > Web6000Q Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-06-28 CVE-2018-15555 Improper Synchronization vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.
network
low complexity
actiontec CWE-662
critical
9.8
2019-06-27 CVE-2018-15556 Improper Authentication vulnerability in Actiontec Web6000Q Firmware 1.1.02.22
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
network
low complexity
actiontec CWE-287
critical
9.8