Wcb6200Q Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:actiontec:wcb6200q_firmware:*:*:*:*:*:*:*:*
part: o version: * update: *
| Vendor | Actiontec (02563978-d526-5d27-b953-be595024c1b3) |
|---|---|
| Product | Wcb6200Q Firmware (f068cb05-5d93-5076-be42-5a4f6a58ffb2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-10252 |
vulnerable | 2026-06-03 14:37:53.276410 |
Details available
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.
Published: 2018-05-14T14:00:00.000Z
Updated: 2024-08-05T07:32:01.629Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.