CVE-2014-6437

CRITICAL

Aztech DSL5018EN DSL705E DSL705EU - Unauthenticated Sensitive Information Exposure via ROM File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6437. PoCs published by Eric Fajardo.

AI-analyzed exploit summary This exploit targets an information disclosure vulnerability in Aztech Modem Routers by sending a crafted HTTP request with specific headers to retrieve the device's configuration file. The script uses curl to send the request and saves the response to a file.

Description

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eric Fajardo · cremotehardware
https://www.exploit-db.com/exploits/39314

This exploit targets an information disclosure vulnerability in Aztech Modem Routers by sending a crafted HTTP request with specific headers to retrieve the device's configuration file. The script uses curl to send the request and saves the response to a file.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Aztech Modem Routers (version not specified)
No auth needed
Prerequisites: Network access to the target device · Target device must be running a vulnerable Aztech Modem Router
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69808
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533489/100/0/threaded

Scores

CVSS v3 9.8
EPSS 0.2300
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (3)
aztech/adsl_dsl5018en_\(1t1r\)_firmware
aztech/dsl705e_firmware
aztech/dsl705eu_firmware
Published Jan 12, 2018
Tracked Since Feb 18, 2026