Vulnerability Description
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aztech | Adsl Dsl5018En \(1T1R\) Firmware | - |
| Aztech | Adsl Dsl5018En \(1T1R\) | - |
| Aztech | Dsl705E Firmware | - |
| Aztech | Dsl705E | - |
| Aztech | Dsl705Eu Firmware | - |
| Aztech | Dsl705Eu | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/533489/100/0/threaded
- http://www.securityfocus.com/bid/69811Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/533489/100/0/threaded
- http://www.securityfocus.com/bid/69811Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-6436?
CVE-2014-6436 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary comm...
How severe is CVE-2014-6436?
CVE-2014-6436 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-6436?
Check the references section above for vendor advisories and patch information. Affected products include: Aztech Adsl Dsl5018En \(1T1R\) Firmware, Aztech Adsl Dsl5018En \(1T1R\), Aztech Dsl705E Firmware, Aztech Dsl705E, Aztech Dsl705Eu Firmware.