search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities

Vulnerability Note VU#335192

Original Release Date: 2015-08-11 | Last Revised: 2015-08-11

Overview

Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.

Description

CWE-259: Use of Hard-coded Password - CVE-2015-2904

Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges.

CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2905

Actiontec GT784WN Wireless N DSL Modem contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in combination with hard-coded credentials, an attacker can reliably establish an active session as part of an attack and therefore does not require a victim to be logged in.

The CVSS score below describes CVE-2015-2904.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.

Solution

Apply an update

Actiontec has released NCS01-1.0.13 to address these vulnerabilities. Users are encouraged to update their firmware to the latest release.

Vendor Information

335192
 
Expand all

Actiontec Affected

Notified:  July 13, 2015 Updated: August 10, 2015

Statement Date:   August 06, 2015

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Addendum

Actiontec GT784WN Wireless N DSL Modem is affected.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal 6.5 E:POC/RL:OF/RC:C
Environmental 4.9 CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

These vulnerabilities were reported by Joel Land of the CERT/CC.

This document was written by Joel Land.

Other Information

CVE IDs: CVE-2015-2904, CVE-2015-2905
Date Public: 2015-08-11
Date First Published: 2015-08-11
Date Last Updated: 2015-08-11 20:48 UTC
Document Revision: 17

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis