CVE-2019-12789

Name of the Vulnerable Software and Affected Versions Actiontec T2200H version T2200H-31.128L.08

Description An issue allows an attacker to gain root access by attaching a UART adapter to the system board and using a special key sequence, Ctrl-. After gaining root access, the attacker can make permanent modifications to the device, including bricking the device, disabling vendor management, preventing automatic upgrades, and installing malicious code.

Recommendations For Actiontec T2200H version T2200H-31.128L.08, consider restricting physical access to the device to prevent attachment of a UART adapter, as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.