CVE-2014-6436

CRITICAL

Aztech ADSL - Privilege Escalation

Title source: llm

Description

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eric Fajardo · perlremotehardware

https://www.exploit-db.com/exploits/39316

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/69811

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/533489/100/0/threaded

Scores

CVSS v3 9.8

EPSS 0.4031

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (3)

aztech/adsl_dsl5018en_\(1t1r\)_firmware

aztech/dsl705e_firmware

aztech/dsl705eu_firmware

Published Jan 12, 2018

Tracked Since Feb 18, 2026