cvelistv5 - CVE-2014-6435

CVE-2014-6435

Vulnerability from cvelistv5

Published

2018-01-12 17:00

Modified

2024-08-06 12:17

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/69809	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69809	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:17:23.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
          },
          {
            "name": "69809",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69809"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-12T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
        },
        {
          "name": "69809",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69809"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
            },
            {
              "name": "69809",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69809"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-6435",
    "datePublished": "2018-01-12T17:00:00",
    "dateReserved": "2014-09-16T00:00:00",
    "dateUpdated": "2024-08-06T12:17:23.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:aztech:adsl_dsl5018en_\\\\(1t1r\\\\)_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7EAEBDA-7647-468C-B74E-0E5BFC9926DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:aztech:adsl_dsl5018en_\\\\(1t1r\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6DE6B23-0A44-4606-861D-B00123FDEC46\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F0E1517-E45F-4BC6-9CE3-3458F3B321F5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEE2578A-F0E4-43E2-A152-1CB50C10436E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AB9E6C8-5E62-4829-87C3-9750824CF657\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DDF7317-E11C-4B84-9D9A-1AFA70347305\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.\"}, {\"lang\": \"es\", \"value\": \"cgi-bin/AZ_Retrain.cgi en dispositivos Aztech ADSL DSL5018EN (1T1R), DSL705E y DSL705EU no realiza comprobaciones de autenticaci\\u00f3n, lo que permite que atacantes remotos provoquen una denegaci\\u00f3n de servicio (restablecimiento de la conectividad WAN) mediante una petici\\u00f3n directa.\"}]",
      "id": "CVE-2014-6435",
      "lastModified": "2024-11-21T02:14:22.717",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-01-12T17:29:00.287",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/69809\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/69809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-6435\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-12T17:29:00.287\",\"lastModified\":\"2024-11-21T02:14:22.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.\"},{\"lang\":\"es\",\"value\":\"cgi-bin/AZ_Retrain.cgi en dispositivos Aztech ADSL DSL5018EN (1T1R), DSL705E y DSL705EU no realiza comprobaciones de autenticaci\u00f3n, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (restablecimiento de la conectividad WAN) mediante una petici\u00f3n directa.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aztech:adsl_dsl5018en_\\\\(1t1r\\\\)_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7EAEBDA-7647-468C-B74E-0E5BFC9926DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aztech:adsl_dsl5018en_\\\\(1t1r\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6DE6B23-0A44-4606-861D-B00123FDEC46\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F0E1517-E45F-4BC6-9CE3-3458F3B321F5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEE2578A-F0E4-43E2-A152-1CB50C10436E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB9E6C8-5E62-4829-87C3-9750824CF657\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DDF7317-E11C-4B84-9D9A-1AFA70347305\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/69809\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/69809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

gsd-2014-6435

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-6435

Aliases

CVE-2014-6435

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-6435",
    "description": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.",
    "id": "GSD-2014-6435",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-6435"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-6435"
      ],
      "details": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.",
      "id": "GSD-2014-6435",
      "modified": "2023-12-13T01:22:50.063670Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-6435",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
          },
          {
            "name": "69809",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/69809"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-6435"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "69809",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/69809"
            },
            {
              "name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2018-01-31T15:24Z",
      "publishedDate": "2018-01-12T17:29Z"
    }
  }
}

cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. plural Aztech ADSL The device contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. AztechDSL5018EN, DSL705E and DSL705EU are router products of the Aztech Group of Singapore. A denial of service vulnerability exists in several Aztech routers. An attacker could exploit the vulnerability to crash an affected device, causing a denial of service. Aztech DSL5018EN, DSL705E and DSL705EU are vulnerable. The vulnerability is due to the fact that the program does not perform authentication detection. PRODUCT DESCRIPTION

The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU.

Vendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html

Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network.

Proof of Concept for this vulnerability

Send a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt

Broken Session Management

A successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid.

Proof of Concept for this vulnerability

From computer A, open a web browser and login to the modem/router's web portal using the administrator ID.
From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt
File and Data Exposure

The router's configuration file contains the hardware information as well as all of the user's credentials. This includes the customer's name and WAN account, the TR-069 credential of the telecom company and the web portal's admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure.

Proof of Concept for this vulnerability

a. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt b. Decipher the downloaded rommfile.cfg using Caesar cipher.

Web Parameter Tampering

Some of the router's restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data.

Proof of Concept for this vulnerability

a. Open a web browser and redirect traffic to localhost:8080. b. Open burb proxy and intercept traffic coming from the browser. c. Login to the router's web portal and go to the page where the protected values are located. d. Find the reference to the hidden values in the form and modify it. e. Submit the request to the router. Refresh the browser to see the modified protected values.

Screenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz

The following CVE's precedes the above and were found as fixed:

CVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. CVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. CVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.

Researchers: Federick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0071",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "adsl dsl5018en \\",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aztech",
        "version": null
      },
      {
        "model": "dsl705eu",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aztech",
        "version": null
      },
      {
        "model": "dsl705e",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "aztech",
        "version": null
      },
      {
        "model": "dsl5018en",
        "scope": null,
        "trust": 0.8,
        "vendor": "aztech group",
        "version": null
      },
      {
        "model": "dsl705e",
        "scope": null,
        "trust": 0.8,
        "vendor": "aztech group",
        "version": null
      },
      {
        "model": "dsl705eu",
        "scope": null,
        "trust": 0.8,
        "vendor": "aztech group",
        "version": null
      },
      {
        "model": "adsl dsl5018en",
        "scope": null,
        "trust": 0.6,
        "vendor": "aztech",
        "version": null
      },
      {
        "model": "dsl705e",
        "scope": null,
        "trust": 0.6,
        "vendor": "aztech",
        "version": null
      },
      {
        "model": "dsl705eu",
        "scope": null,
        "trust": 0.6,
        "vendor": "aztech",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Federick Joe P Fajardo",
    "sources": [
      {
        "db": "BID",
        "id": "69809"
      },
      {
        "db": "PACKETSTORM",
        "id": "128254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2014-6435",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-6435",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-04207",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-74379",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-6435",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-6435",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04207",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1208",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-74379",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. plural Aztech ADSL The device contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. AztechDSL5018EN, DSL705E and DSL705EU are router products of the Aztech Group of Singapore. A denial of service vulnerability exists in several Aztech routers. An attacker could exploit the vulnerability to crash an affected device, causing a denial of service. \nAztech DSL5018EN, DSL705E and DSL705EU are vulnerable. The vulnerability is due to the fact that the program does not perform authentication detection. PRODUCT DESCRIPTION\n\nThe Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU. \n\nVendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html\n\n1. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network. \n\nProof of Concept for this vulnerability\n\nSend a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt\n\n2. Broken Session Management\n\nA successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid. \n\nProof of Concept for this vulnerability\n\n1. From computer A, open a web browser and login to the modem/router\u0027s web portal using the administrator ID. \n2. From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt\n\n3. File and Data Exposure\n\nThe router\u0027s configuration file contains the hardware information as well as all of the user\u0027s credentials. This includes the customer\u0027s name and WAN account, the TR-069 credential of the telecom company and the web portal\u0027s admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure. \n\nProof of Concept for this vulnerability\n\na. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt\nb. Decipher the downloaded rommfile.cfg using Caesar cipher. \n\n4. Web Parameter Tampering\n\nSome of the router\u0027s restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data. \n\nProof of Concept for this vulnerability\n\na. Open a web browser and redirect traffic to localhost:8080. \nb. Open burb proxy and intercept traffic coming from the browser. \nc. Login to the router\u0027s web portal and go to the page where the protected values are located. \nd. Find the reference to the hidden values in the form and modify it. \ne. Submit the request to the router. Refresh the browser to see the modified protected values. \n\nScreenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz\n\nThe following CVE\u0027s precedes the above and were found as fixed:\n\nCVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed. \nCVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. \nCVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. \n\nResearchers:\nFederick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "BID",
        "id": "69809"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "PACKETSTORM",
        "id": "128254"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-74379",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-6435",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "69809",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "128254",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39315",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "BID",
        "id": "69809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "PACKETSTORM",
        "id": "128254"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "id": "VAR-201801-0071",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      }
    ],
    "trust": 1.2714286
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:14:04.032000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.aztech.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/128254/aztech-dsl5018en-dsl705e-dsl705eu-dos-broken-session-management.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/69809"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6435"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6435"
      },
      {
        "trust": 0.3,
        "url": "http://www.aztech.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6436"
      },
      {
        "trust": 0.1,
        "url": "http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html"
      },
      {
        "trust": 0.1,
        "url": "http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-6437"
      },
      {
        "trust": 0.1,
        "url": "http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt"
      },
      {
        "trust": 0.1,
        "url": "http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt"
      },
      {
        "trust": 0.1,
        "url": "http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "BID",
        "id": "69809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "PACKETSTORM",
        "id": "128254"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "db": "BID",
        "id": "69809"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "db": "PACKETSTORM",
        "id": "128254"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "BID",
        "id": "69809"
      },
      {
        "date": "2018-02-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "date": "2014-09-15T19:44:56",
        "db": "PACKETSTORM",
        "id": "128254"
      },
      {
        "date": "2018-01-12T17:29:00.287000",
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "date": "2014-09-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04207"
      },
      {
        "date": "2018-01-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-74379"
      },
      {
        "date": "2014-09-23T00:01:00",
        "db": "BID",
        "id": "69809"
      },
      {
        "date": "2018-02-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      },
      {
        "date": "2018-01-31T15:24:06.313000",
        "db": "NVD",
        "id": "CVE-2014-6435"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Aztech ADSL Authentication vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008487"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1208"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2014-6435

Vulnerability from fkie_nvd

Published

2018-01-12 17:29

Modified

2024-11-21 02:14

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/69809	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/69809	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
aztech	adsl_dsl5018en_\(1t1r\)_firmware	-
aztech	adsl_dsl5018en_\(1t1r\)	-
aztech	dsl705e_firmware	-
aztech	dsl705e	-
aztech	dsl705eu_firmware	-
aztech	dsl705eu	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7EAEBDA-7647-468C-B74E-0E5BFC9926DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6DE6B23-0A44-4606-861D-B00123FDEC46",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F0E1517-E45F-4BC6-9CE3-3458F3B321F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE2578A-F0E4-43E2-A152-1CB50C10436E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB9E6C8-5E62-4829-87C3-9750824CF657",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DDF7317-E11C-4B84-9D9A-1AFA70347305",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request."
    },
    {
      "lang": "es",
      "value": "cgi-bin/AZ_Retrain.cgi en dispositivos Aztech ADSL DSL5018EN (1T1R), DSL705E y DSL705EU no realiza comprobaciones de autenticaci\u00f3n, lo que permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (restablecimiento de la conectividad WAN) mediante una petici\u00f3n directa."
    }
  ],
  "id": "CVE-2014-6435",
  "lastModified": "2024-11-21T02:14:22.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-12T17:29:00.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/69809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/69809"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-46w7-rq7x-9wg9

Vulnerability from github

Published

2022-05-14 03:47

Modified

2022-05-14 03:47

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-6435"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-12T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.",
  "id": "GHSA-46w7-rq7x-9wg9",
  "modified": "2022-05-14T03:47:38Z",
  "published": "2022-05-14T03:47:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6435"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/69809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-6435

Vulnerability from cvelistv5

gsd-2014-6435

Vulnerability from gsd

var-201801-0071

Vulnerability from variot

fkie_cve-2014-6435

Vulnerability from fkie_nvd

ghsa-46w7-rq7x-9wg9

Vulnerability from github

Tags

Sightings

Nomenclature