CVE-2014-6436

CRITICAL

Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Remote Command Execution via Session Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6436. PoCs published by Eric Fajardo.

AI-analyzed exploit summary: This exploit leverages a session hijacking vulnerability in multiple Aztech modem routers, allowing an attacker to reset the admin password without authentication by sending a crafted POST request to the vulnerable endpoint.

Description

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eric Fajardo · perl · remote · hardware
https://www.exploit-db.com/exploits/39316

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Aztech Modem Routers (DSL5018EN(1T1R), DSL705E, DSL705EU)
No auth needed
Prerequisites: Network access to the target modem · Valid session of a privileged user (admin)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69811
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533489/100/0/threaded

Scores

CVSS v3 9.8
EPSS 0.4031
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-287
Status published
Products (3)
aztech/adsl_dsl5018en_\(1t1r\)_firmware
aztech/dsl705e_firmware
aztech/dsl705eu_firmware
Published Jan 12, 2018
Tracked Since Feb 18, 2026