Vulnerability Note VU#335192
Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.
CWE-259: Use of Hard-coded Password - CVE-2015-2904
Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges.
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Actiontec||Affected||13 Jul 2015||10 Aug 2015|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.
- CVE IDs: CVE-2015-2904 CVE-2015-2905
- Date Public: 11 Aug 2015
- Date First Published: 11 Aug 2015
- Date Last Updated: 11 Aug 2015
- Document Revision: 17
If you have feedback, comments, or additional information about this vulnerability, please send us email.