Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.
CWE-259: Use of Hard-coded Password - CVE-2015-2904
Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges.
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.
Apply an update
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.