Vulnerability Note VU#335192
Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
Original Release date: 11 Aug 2015 | Last revised: 11 Aug 2015

Overview
Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.

Description
CWE-259: Use of Hard-coded Password – CVE-2015-2904
Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges.

CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2015-2905

Actiontec GT784WN Wireless N DSL Modem contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in combination with hard-coded credentials, an attacker can reliably establish an active session as part of an attack and therefore does not require a victim to be logged in.

The CVSS score below describes CVE-2015-2904.

Impact
A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user’s browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.

Solution
Apply an update

Actiontec has released NCS01-1.0.13 to address these vulnerabilities. Users are encouraged to update their firmware to the latest release.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate UpdatedActiontecAffected13 Jul 201510 Aug 2015If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal
6.5
E:POC/RL:OF/RC:C

Environmental
4.9
CDP:N/TD:M/CR:ND/IR:ND/AR:ND

References

http://www.actiontec.com/support/soft_files/GT784WN_NCS_HTTP-Upgrade_NCS01-1.0.13.img
http://cwe.mitre.org/data/definitions/259.html
http://cwe.mitre.org/data/definitions/352.html

Credit

These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.

Other Information

CVE IDs:
CVE-2015-2904
CVE-2015-2905

Date Public:
11 Aug 2015

Date First Published:
11 Aug 2015

Date Last Updated:
11 Aug 2015

Document Revision:
17

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply