CVE-2018-15555

CRITICAL

Telus Actiontec WEB6000Q v1.1.02.22 - Privilege Escalation

Title source: llm

Description

On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Jun/1

[Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html

Scores

CVSS v3 9.8

EPSS 0.0116

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-662

Status published

Products (1)

actiontec/web6000q_firmware 1.1.02.22

Published Jun 28, 2019

Tracked Since Feb 18, 2026