PT-2018-4285 · Aztech · Aztech Adsl Dsl705Eu+1
Published
2018-01-12
·
Updated
2018-01-31
·
CVE-2014-6435
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Aztech ADSL DSL5018EN (1T1R) version not specified
Aztech ADSL DSL705E version not specified
Aztech ADSL DSL705EU version not specified
Description
The issue is related to the
cgi-bin/AZ Retrain.cgi endpoint, which does not check for authentication. This allows remote attackers to cause a denial of service, specifically a WAN connectivity reset, by sending a direct request to this endpoint.Recommendations
For Aztech ADSL DSL5018EN (1T1R), consider restricting access to the
cgi-bin/AZ Retrain.cgi endpoint until a fix is available.
For Aztech ADSL DSL705E, consider restricting access to the cgi-bin/AZ Retrain.cgi endpoint until a fix is available.
For Aztech ADSL DSL705EU, consider restricting access to the cgi-bin/AZ Retrain.cgi endpoint until a fix is available.Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aztech Adsl Dsl5018En
Aztech Adsl Dsl705Eu