← Back

CVE-2014-6436

nvd nist
Published: Jan 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.

Affected (3)

Aztech
3 products
Adsl Dsl5018en (1t1r) Firmware
Dsl705e Firmware
Dsl705eu Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adsl Dsl5018en (1t1r) Firmware
All versions
Running on/withPlatform Versions
Aztech
Adsl Dsl5018en (1t1r)
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dsl705e Firmware
All versions
Running on/withPlatform Versions
Aztech
Dsl705e
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dsl705eu Firmware
All versions
Running on/withPlatform Versions
Aztech
Dsl705eu
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.