The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers.
                
            References
                    | Link | Resource | 
|---|---|
| http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry | 
| http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory | 
| http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory | 
| http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry | 
| http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory | 
| http://seclists.org/fulldisclosure/2019/Jun/1 | Exploit Mailing List Third Party Advisory | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
History
                    No history.
Information
                Published : 2019-06-27 17:15
Updated : 2024-11-21 03:51
NVD link : CVE-2018-15556
Mitre link : CVE-2018-15556
CVE.ORG link : CVE-2018-15556
JSON object : View
Products Affected
                actiontec
- web6000q_firmware
- web6000q
CWE
                
                    
                        
                        CWE-287
                        
            Improper Authentication
