Telus Actiontec T2200H Serial Number Information Disclosure
Posted by deepcore on June 13, 2019 – 11:59 am
Telus Actiontec T2200H with firmware T2200H-31.128L.08 suffers from a serial number information disclosure vulnerability. The wireless extenders use DHCP Option 125 to include device details such as model number, manufacturer, and serial number. By forging a special DHCP packet using Option 125, an attacker can obtain the device serial number. Once he or she has this, the device’s admin web UI password can be reset using the web UI “forgot password” page to reset to a known value.
Post a reply
You must be logged in to post a comment.