Details of VAR-201906-0591

ID

VAR-201906-0591

CVE

CVE-2019-12789

TITLE

Actiontec T2200H Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-005622

DESCRIPTION

An issue was discovered on Actiontec T2200H T2200H-31.128L.08 devices, as distributed by Telus. By attaching a UART adapter to the UART pins on the system board, an attacker can use a special key sequence (Ctrl-\) to obtain a shell with root privileges. After gaining root access, the attacker can mount the filesystem read-write and make permanent modifications to the device including bricking of the device, disabling vendor management of the device, preventing automatic upgrades, and permanently installing malicious code on the device. Actiontec T2200H Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ActiontecElectronicsT2200H is a modem from Actiontec Electronics of the United States. A security vulnerability exists in the ActiontecElectronicsT2200HT2200H-31.128L.08 release

Trust: 2.25

sources: NVD: CVE-2019-12789 // JVNDB: JVNDB-2019-005622 // CNVD: CNVD-2019-22649 // VULHUB: VHN-144570

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-22649

AFFECTED PRODUCTS

vendor:	actiontec	model:	t2200h	scope:	eq	version:	t2200h-31.1238l.08	Trust: 1.0
vendor:	actiontec	model:	t2200h	scope:	eq	version:	t2200h-31.128l.03	Trust: 0.8
vendor:	actiontec	model:	electronics t2200h t2200h-31.128l.08	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-22649 // JVNDB: JVNDB-2019-005622 // NVD: CVE-2019-12789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12789
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-12789
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-22649
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201906-654
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-144570
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12789
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-22649
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144570
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12789
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-22649 // VULHUB: VHN-144570 // JVNDB: JVNDB-2019-005622 // CNNVD: CNNVD-201906-654 // NVD: CVE-2019-12789

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-144570 // JVNDB: JVNDB-2019-005622 // NVD: CVE-2019-12789

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201906-654

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005622

PATCH

title:

Welcome to Actiontec’s Blog

url:

https://www.actiontec.com/blog/

Trust: 0.8

sources: JVNDB: JVNDB-2019-005622

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12789	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-005622	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-654	Trust: 0.7
db:	CNVD	id:	CNVD-2019-22649	Trust: 0.6
db:	PACKETSTORM	id:	153271	Trust: 0.1
db:	VULHUB	id:	VHN-144570	Trust: 0.1

sources: CNVD: CNVD-2019-22649 // VULHUB: VHN-144570 // JVNDB: JVNDB-2019-005622 // CNNVD: CNNVD-201906-654 // NVD: CVE-2019-12789

REFERENCES

url:	http://seclists.org/fulldisclosure/2019/jun/10	Trust: 2.5
url:	https://www.actiontec.com/blog/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12789	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12789	Trust: 0.8
url:	https://seclists.org/fulldisclosure/2019/jun/7	Trust: 0.6

sources: CNVD: CNVD-2019-22649 // VULHUB: VHN-144570 // JVNDB: JVNDB-2019-005622 // CNNVD: CNNVD-201906-654 // NVD: CVE-2019-12789

SOURCES

db:	CNVD	id:	CNVD-2019-22649
db:	VULHUB	id:	VHN-144570
db:	JVNDB	id:	JVNDB-2019-005622
db:	CNNVD	id:	CNNVD-201906-654
db:	NVD	id:	CVE-2019-12789

LAST UPDATE DATE

2024-11-23T23:11:51.376000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-22649	date:	2019-07-23T00:00:00
db:	VULHUB	id:	VHN-144570	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-005622	date:	2019-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201906-654	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-12789	date:	2024-11-21T04:23:35.060

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-22649	date:	2019-07-16T00:00:00
db:	VULHUB	id:	VHN-144570	date:	2019-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-005622	date:	2019-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201906-654	date:	2019-06-17T00:00:00
db:	NVD	id:	CVE-2019-12789	date:	2019-06-17T17:15:11.193