Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the HTTP server. A crafted Cookie header in an HTTP request can trigger the use of a format specifier from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the HTTP server. Was ZDI-CAN-21417.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-808/ |
History
Thu, 19 Sep 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Actiontec
Actiontec wcb6200q Actiontec wcb6200q Firmware |
|
CPEs | cpe:2.3:h:actiontec:wcb6200q:-:*:*:*:*:*:*:* cpe:2.3:o:actiontec:wcb6200q_firmware:1.2l.03.5:*:*:*:*:*:*:* |
|
Vendors & Products |
Actiontec
Actiontec wcb6200q Actiontec wcb6200q Firmware |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-06-18T23:39:02.468Z
Updated: 2024-08-01T21:33:04.866Z
Reserved: 2024-06-18T21:08:52.383Z
Link: CVE-2024-6145
Vulnrichment
Updated: 2024-08-01T21:33:04.866Z
NVD
Status : Modified
Published: 2024-06-19T00:15:50.413
Modified: 2024-11-21T09:49:03.640
Link: CVE-2024-6145
Redhat
No data.