Andrew Klaus

#7658de 53,635
35.9CVSS total
Vulnerabilidades · 4
Média
1
Alta
1
Crítica
2
PT-2019-9124
10
2019-06-27
Quantenna · Quantenna Wifi Controller · CVE-2018-15556
**Name of the Vulnerable Software and Affected Versions** Actiontec WEB6000Q version 1.1.02.22 **Description** The issue allows login with root level access using the user "root" and an empty password by exploiting the enabled onboard UART headers on the Quantenna WiFi Controller. **Recommendations** For version 1.1.02.22, consider disabling the UART headers to prevent unauthorized access until a patch is available. Restrict physical access to the device to minimize the risk of exploitation.
PT-2019-9123
10
2019-06-11
Telus · Telus Actiontec Web6000Q · CVE-2018-15555
**Name of the Vulnerable Software and Affected Versions** Telus Actiontec WEB6000Q version 1.1.02.22 **Description** The issue allows an attacker to gain root level access on the device using the username "root" and password "admin" through the enabled onboard UART headers. This provides an attacker with elevated privileges, potentially leading to further exploitation. **Recommendations** For Telus Actiontec WEB6000Q version 1.1.02.22, consider disabling the onboard UART headers to prevent unauthorized access until a patch is available. Additionally, changing the default password for the "root" user can help mitigate the risk of exploitation.
PT-2019-9125
10
2019-06-11
Quantenna · Quantenna Wifi Controller · CVE-2018-15557
**Name of the Vulnerable Software and Affected Versions** Telus Actiontec WEB6000Q version 1.1.02.22 **Description** An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q devices. An attacker can statically set their IP to anything on the 169.254.1.0/24 subnet and obtain root access by connecting to `169.254.1.2` port 23 with `telnet` or `netcat`. **Recommendations** For version 1.1.02.22, as a temporary workaround, consider disabling access to port 23 to minimize the risk of exploitation. Restrict access to the `169.254.1.0/24` subnet to prevent unauthorized connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-13278
5.9
2018-09-11
Subsonic · Subsonic Music Streamer · CVE-2018-15898
**Name of the Vulnerable Software and Affected Versions** Subsonic Music Streamer version 4.4 **Description** The issue concerns Improper Certificate Validation of the Subsonic server certificate. This could allow man-in-the-middle attackers to obtain interaction data. **Recommendations** For Subsonic Music Streamer version 4.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.