Vulnerability Details CVE-2014-6436
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.154
EPSS Ranking 94.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html
- http://www.securityfocus.com/archive/1/533489/100/0/threaded
- http://www.securityfocus.com/bid/69811
- http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html
- http://www.securityfocus.com/archive/1/533489/100/0/threaded
- http://www.securityfocus.com/bid/69811
Products affected by CVE-2014-6436
-
cpe:2.3:h:aztech:adsl_dsl5018en_(1t1r):-
-
cpe:2.3:h:aztech:dsl705e:-
-
cpe:2.3:h:aztech:dsl705eu:-
-
cpe:2.3:o:aztech:adsl_dsl5018en_(1t1r)_firmware:-
-
cpe:2.3:o:aztech:dsl705e_firmware:-
-
cpe:2.3:o:aztech:dsl705eu_firmware:-