CVE-2014-6436

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:aztech:adsl_dsl5018en_\(1t1r\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:adsl_dsl5018en_\(1t1r\):-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:14

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html - Exploit, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/533489/100/0/threaded - () http://www.securityfocus.com/archive/1/533489/100/0/threaded -
References () http://www.securityfocus.com/bid/69811 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/69811 - Third Party Advisory, VDB Entry

Information

Published : 2018-01-12 17:29

Updated : 2024-11-21 02:14


NVD link : CVE-2014-6436

Mitre link : CVE-2014-6436

CVE.ORG link : CVE-2014-6436


JSON object : View

Products Affected

aztech

  • dsl705e_firmware
  • dsl705eu_firmware
  • adsl_dsl5018en_\(1t1r\)_firmware
  • adsl_dsl5018en_\(1t1r\)
  • dsl705eu
  • dsl705e
CWE
CWE-287

Improper Authentication