Vulnerability Description
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. The admin login session cookie is insecurely generated, making admin session hijacking possible. When an admin logs in, a session cookie is generated using the time of day rounded to 10ms. Since the web server returns its current time of day in responses, it is possible to step backward through possible session values until a working one is found. Once a working session ID is found, an attacker then has admin control of the device and can add a secondary SSID to create a backdoor to the network.
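An added illustration (not Actiontec's firmware code) of why a clock-derived session ID is weak, next to a hardened server-side session store. The ID encoding, the function and class names, and the 15-minute lifetime are assumptions made for this example.

```python
import hmac
import math
import secrets
from datetime import datetime, timedelta

TICKS_PER_SECOND = 100  # 10 ms resolution, as stated in the description


def time_based_session_id(now):
    """Vulnerable pattern: ID is the time of day in 10 ms ticks (encoding assumed)."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    ticks = (now - midnight) // timedelta(milliseconds=10)
    return f"{ticks:07d}"


def keyspace_bits(window_seconds):
    """Bits of uncertainty left when the login time is known to within a window."""
    return math.log2(max(1, window_seconds * TICKS_PER_SECOND))


class SessionStore:
    """Hardened pattern: 256-bit CSPRNG IDs, server-side expiry, constant-time match."""

    def __init__(self, ttl=timedelta(minutes=15)):
        self._ttl = ttl
        self._sessions = {}  # session ID -> expiry time

    def create(self, now):
        sid = secrets.token_urlsafe(32)  # 32 random bytes, independent of the clock
        self._sessions[sid] = now + self._ttl
        return sid

    def is_valid(self, presented, now):
        ok = False
        for sid, expires in list(self._sessions.items()):
            if expires <= now:
                del self._sessions[sid]  # drop expired sessions
            elif hmac.compare_digest(sid.encode(), presented.encode()):
                ok = True
        return ok
```

A full day of 10 ms ticks is only about 23 bits of uncertainty, and a server that discloses its clock shrinks that further; the random ID carries 256 bits regardless of what the server reveals about time.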
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Actiontec | Wcb6200Q Firmware | < 1.1.10.20a |
| Actiontec | Wcb6200Q | - |
References
- https://actiontecsupport.zendesk.com/hc/en-us/articles/115000432163-WCB6200Q-Fir (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2018-10252?
CVE-2018-10252 is a vulnerability with a CVSS score of 8.1 (HIGH).
How severe is CVE-2018-10252?
CVE-2018-10252 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-10252?
Check the references section above for vendor advisories and patch information. Affected products include: Actiontec Wcb6200Q Firmware, Actiontec Wcb6200Q.