{"vuid":"VU#335192","idnumber":"335192","name":"Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities","keywords":["actiontec","dsl","router","csrf","hardcoded credentials","cpework"],"overview":"Actiontec GT784WN Wireless N DSL Modem, versions NCS01-1.0.12 and earlier, contains multiple vulnerabilities.","clean_desc":"CWE-259: Use of Hard-coded Password - CVE-2015-2904 Actiontec GT784WN Wireless N DSL Modem contains multiple hard-coded credentials that enable a user to log into the web administration interface with root privileges. CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-2905 Actiontec GT784WN Wireless N DSL Modem contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Note that in combination with hard-coded credentials, an attacker can reliably establish an active session as part of an attack and therefore does not require a victim to be logged in. The CVSS score below describes CVE-2015-2904.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session or perform actions as an authenticated user. A network-based attacker can take complete control of an affected device.","resolution":"Apply an update Actiontec has released NCS01-1.0.13 to address these vulnerabilities. Users are encouraged to update their firmware to the latest release.","workarounds":"","sysaffected":"","thanks":"These vulnerabilities were reported by Joel Land of the CERT/CC.","author":"This document was written by Joel Land.","public":["http://www.actiontec.com/support/soft_files/GT784WN_NCS_HTTP-Upgrade_NCS01-1.0.13.img","http://cwe.mitre.org/data/definitions/259.html","http://cwe.mitre.org/data/definitions/352.html"],"cveids":["CVE-2015-2904","CVE-2015-2905"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-07-07T13:29:59Z","publicdate":"2015-08-11T00:00:00Z","datefirstpublished":"2015-08-11T20:48:49Z","dateupdated":"2015-08-11T20:48:49Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:A/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6.5","cvss_environmentalscore":"4.89168185571072","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}