Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Actiontec WCB6200Q 安全漏洞
Vulnerability Description
Actiontec WCB6200Q是美国Actiontec公司的一款WiFi网络扩展器。 Actiontec WCB6200Q 1.1.10.20a之前版本中存在安全漏洞,该漏洞源于程序没有安全的创建管理员登录会话cookie。攻击者可利用该漏洞控制设备并构建一个网络后门。
CVSS Information
N/A
Vulnerability Type
N/A