Vulnerability Note VU#335192

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

Original Release date: 11 Aug 2015 | Last revised: 11 Aug 2015

Overview

Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.

Description

CWE-259: Use of Hard-coded Password - CVE-2015-2904

Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges.

CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2905

Actiontec GT784WN Wireless N DSL Modem contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in combination with hard-coded credentials, an attacker can reliably establish an active session as part of an attack and therefore does not require a victim to be logged in.

The CVSS score below describes CVE-2015-2904.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.

Solution

Apply an update

Actiontec has released NCS01-1.0.13 to address these vulnerabilities. Users are encouraged to update their firmware to the latest release.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
ActiontecAffected13 Jul 201510 Aug 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal 6.5 E:POC/RL:OF/RC:C
Environmental 4.9 CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

These vulnerabilities were reported by Joel Land of the CERT/CC.

This document was written by Joel Land.

Other Information

  • CVE IDs: CVE-2015-2904 CVE-2015-2905
  • Date Public: 11 Aug 2015
  • Date First Published: 11 Aug 2015
  • Date Last Updated: 11 Aug 2015
  • Document Revision: 17

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.