PT-2018-4286 · Aztech · Aztech Adsl Dsl705Eu+1

Published

2018-01-12

Updated

2018-10-09

CVE-2014-6436

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Aztech ADSL DSL5018EN (1T1R) version not specified Aztech ADSL DSL705E version not specified Aztech ADSL DSL705EU version not specified

Description The issue is related to improper session management in the affected devices, allowing remote attackers to bypass authentication and execute arbitrary commands with administrator privileges under certain circumstances, by leveraging an existing web portal login.

Recommendations For Aztech ADSL DSL5018EN (1T1R), consider restricting access to the web portal until a fix is available. For Aztech ADSL DSL705E, restrict access to the web portal until a fix is available. For Aztech ADSL DSL705EU, restrict access to the web portal until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2014-6436

Affected Products

Aztech Adsl Dsl5018En

Aztech Adsl Dsl705Eu

PT-2018-4286 · Aztech · Aztech Adsl Dsl705Eu+1

CVE-2014-6436

Weakness Enumeration

Related Identifiers

Affected Products

References · 5