Search
Find a vulnerability
Search criteria
13 vulnerabilities by aztech
VAR-200903-0187
Vulnerability from variot - Updated: 2025-04-10 23:24cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. Aztech ADSL2/2+ 4 Port Router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Aztech ADSL2/2+ 4 Port Router with firmware 3.7.0 is vulnerable; other versions may also be affected. Aztech ADSL2/2+ 4-port router is a small household ADSL broadband router product. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Aztech ADSL2/2+ Shell Command Injection
SECUNIA ADVISORY ID: SA29551
VERIFY ADVISORY: http://secunia.com/advisories/29551/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
OPERATING SYSTEM: Aztech ADSL2/2+ 3.x http://secunia.com/product/18245/
DESCRIPTION: sipher has reported a vulnerability in Aztech ADSL2/2+, which can be exploited by malicious people to compromise a vulnerable system.
Input passed via cgi-bin/script is not properly sanitised before being used. via specially crafted HTTP requests.
SOLUTION: Filter malicious characters and character sequences using e.g. a web proxy.
PROVIDED AND/OR DISCOVERED BY: sipher
ORIGINAL ADVISORY: http://core.ifconfig.se/~core/?p=21
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200903-0187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl2\\/2\\+4-port router",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": "3.7.0"
},
{
"model": "adsl2/2+4-port router",
"scope": "eq",
"trust": 0.8,
"vendor": "aztech group",
"version": "3.7.0 build 070426"
},
{
"model": "adsl2/2+ port",
"scope": "eq",
"trust": 0.3,
"vendor": "aztech",
"version": "43.7"
}
],
"sources": [
{
"db": "BID",
"id": "28458"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:aztech:adsl2%2F2%2B4-port_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sipherr@gmail.com",
"sources": [
{
"db": "BID",
"id": "28458"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
}
],
"trust": 0.9
},
"cve": "CVE-2008-6554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-6554",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-36679",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-6554",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-6554",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200903-512",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-36679",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. Aztech ADSL2/2+ 4 Port Router is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. \nAztech ADSL2/2+ 4 Port Router with firmware 3.7.0 is vulnerable; other versions may also be affected. Aztech ADSL2/2+ 4-port router is a small household ADSL broadband router product. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nAztech ADSL2/2+ Shell Command Injection\n\nSECUNIA ADVISORY ID:\nSA29551\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29551/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nAztech ADSL2/2+ 3.x\nhttp://secunia.com/product/18245/\n\nDESCRIPTION:\nsipher has reported a vulnerability in Aztech ADSL2/2+, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nInput passed via cgi-bin/script is not properly sanitised before\nbeing used. via specially crafted HTTP requests. \n\nSOLUTION:\nFilter malicious characters and character sequences using e.g. a web\nproxy. \n\nPROVIDED AND/OR DISCOVERED BY:\nsipher\n\nORIGINAL ADVISORY:\nhttp://core.ifconfig.se/~core/?p=21\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-6554"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "BID",
"id": "28458"
},
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "PACKETSTORM",
"id": "65317"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-6554",
"trust": 2.8
},
{
"db": "BID",
"id": "28458",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29551",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "44267",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963",
"trust": 0.8
},
{
"db": "XF",
"id": "41492",
"trust": 0.6
},
{
"db": "XF",
"id": "224",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080326 AZTECH ADSL2/2+ 4 PORT REMOTE ROOT",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-36679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "65317",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "BID",
"id": "28458"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "PACKETSTORM",
"id": "65317"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"id": "VAR-200903-0187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-36679"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:24:12.905000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28458"
},
{
"trust": 1.7,
"url": "http://osvdb.org/44267"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29551"
},
{
"trust": 1.2,
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6554"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6554"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41492"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/490100/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.aztech.com"
},
{
"trust": 0.3,
"url": "/archive/1/490100"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/18245/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29551/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "BID",
"id": "28458"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "PACKETSTORM",
"id": "65317"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-36679"
},
{
"db": "BID",
"id": "28458"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"db": "PACKETSTORM",
"id": "65317"
},
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-36679"
},
{
"date": "2008-03-26T00:00:00",
"db": "BID",
"id": "28458"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"date": "2008-04-09T02:22:39",
"db": "PACKETSTORM",
"id": "65317"
},
{
"date": "2009-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"date": "2009-03-30T20:30:00.843000",
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-36679"
},
{
"date": "2015-05-07T17:31:00",
"db": "BID",
"id": "28458"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002963"
},
{
"date": "2009-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200903-512"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-6554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL2/2+ 4-port Router cgi-bin/script Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200903-512"
}
],
"trust": 0.6
}
}
VAR-200709-0365
Vulnerability from variot - Updated: 2025-04-10 23:21The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. Dsl 600Eu Router is prone to a remote security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200709-0365",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dsl 600eu router",
"scope": "eq",
"trust": 1.0,
"vendor": "aztech",
"version": "*"
},
{
"model": "dsl 600eu router",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl 600eu router",
"scope": null,
"trust": 0.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl 600eu router",
"scope": "eq",
"trust": 0.3,
"vendor": "aztech",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "85396"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:aztech:dsl_600eu_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85396"
}
],
"trust": 0.3
},
"cve": "CVE-2007-4733",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2007-4733",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-28095",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4733",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-4733",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200709-053",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-28095",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28095"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. Dsl 600Eu Router is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4733"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "BID",
"id": "85396"
},
{
"db": "VULHUB",
"id": "VHN-28095"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4733",
"trust": 2.8
},
{
"db": "SREASON",
"id": "3093",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1018641",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "45877",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20070830 AZTECH ROUTER DSL600EU IP AND ARP SPOOF",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053",
"trust": 0.6
},
{
"db": "BID",
"id": "85396",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-28095",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28095"
},
{
"db": "BID",
"id": "85396"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"id": "VAR-200709-0365",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28095"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:21:44.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28095"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://securitytracker.com/id?1018641"
},
{
"trust": 2.0,
"url": "http://securityreason.com/securityalert/3093"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45877"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/478314/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4733"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4733"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28095"
},
{
"db": "BID",
"id": "85396"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28095"
},
{
"db": "BID",
"id": "85396"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-28095"
},
{
"date": "2007-09-06T00:00:00",
"db": "BID",
"id": "85396"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"date": "2007-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"date": "2007-09-06T19:17:00",
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28095"
},
{
"date": "2007-09-06T00:00:00",
"db": "BID",
"id": "85396"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002594"
},
{
"date": "2007-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-053"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2007-4733"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech DSL600EU In the router Web Vulnerability connected to interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-053"
}
],
"trust": 0.6
}
}
VAR-200904-0019
Vulnerability from variot - Updated: 2025-04-10 23:17Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200904-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl2\\/2\\+4-port router",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "adsl2/2+4-port router",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:aztech:adsl2%2F2%2B4-port_router",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
}
]
},
"cve": "CVE-2008-6588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-6588",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-36713",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-6588",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-6588",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200904-056",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-36713",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36713"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-6588"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "VULHUB",
"id": "VHN-36713"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-6588",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "51229",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056",
"trust": 0.7
},
{
"db": "VULN-DEV",
"id": "20080418 AZTECH ADSL2/2+ 4 PORT DEFAULT PASSWORD",
"trust": 0.6
},
{
"db": "VULN-DEV",
"id": "20080421 RE: AZTECH ADSL2/2+ 4 PORT DEFAULT PASSWORD",
"trust": 0.6
},
{
"db": "XF",
"id": "50068",
"trust": 0.6
},
{
"db": "BID",
"id": "84530",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-36713",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36713"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"id": "VAR-200904-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-36713"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:17:54.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36713"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://osvdb.org/51229"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6588"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6588"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/50068"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-36713"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-36713"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-36713"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"date": "2009-04-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"date": "2009-04-03T18:30:00.297000",
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-36713"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002970"
},
{
"date": "2009-04-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200904-056"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-6588"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL2/2+ 4-port Vulnerability to obtain access rights in routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200904-056"
}
],
"trust": 0.6
}
}
VAR-201801-0073
Vulnerability from variot - Updated: 2024-11-23 22:07Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. plural Aztech ADSL The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AztechModemRouters is a Modem and router all-in-one product from Aztech Group of Singapore. An information disclosure vulnerability exists in AztechModemRouters. An attacker could exploit the vulnerability to gain access to sensitive information and facilitate further attacks. Aztech Modem Routers are prone to an information-disclosure vulnerability. PRODUCT DESCRIPTION
The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU.
Vendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html
- Denial of Service (DoS)
The CGI script that resets the WAN connectivity of the modem can be called directly from the web server with no authentication. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network.
Proof of Concept for this vulnerability
Send a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt
- Broken Session Management
A successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid.
Proof of Concept for this vulnerability
- From computer A, open a web browser and login to the modem/router's web portal using the administrator ID.
-
From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt
-
File and Data Exposure
The router's configuration file contains the hardware information as well as all of the user's credentials. This includes the customer's name and WAN account, the TR-069 credential of the telecom company and the web portal's admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure.
Proof of Concept for this vulnerability
a. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt b. Decipher the downloaded rommfile.cfg using Caesar cipher.
- Web Parameter Tampering
Some of the router's restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data.
Proof of Concept for this vulnerability
a. Open a web browser and redirect traffic to localhost:8080. b. Open burb proxy and intercept traffic coming from the browser. c. Login to the router's web portal and go to the page where the protected values are located. d. Find the reference to the hidden values in the form and modify it. e. Submit the request to the router. Refresh the browser to see the modified protected values.
Screenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz
The following CVE's precedes the above and were found as fixed:
CVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. CVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. CVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
Researchers: Federick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl dsl5018en \\",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705eu",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705e",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl5018en",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705e",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705eu",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "modem routers",
"scope": null,
"trust": 0.6,
"vendor": "aztech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:aztech:adsl_dsl5018en_%281t1r%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705eu_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eric Fajardo",
"sources": [
{
"db": "BID",
"id": "69808"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
}
],
"trust": 0.9
},
"cve": "CVE-2014-6437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6437",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-04209",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-74381",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-6437",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6437",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-6437",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-04209",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1207",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-74381",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. plural Aztech ADSL The device contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AztechModemRouters is a Modem and router all-in-one product from Aztech Group of Singapore. An information disclosure vulnerability exists in AztechModemRouters. An attacker could exploit the vulnerability to gain access to sensitive information and facilitate further attacks. Aztech Modem Routers are prone to an information-disclosure vulnerability. PRODUCT DESCRIPTION\n\nThe Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU. \n\nVendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html\n\n1. Denial of Service (DoS)\n\nThe CGI script that resets the WAN connectivity of the modem can be called directly from the web server with no authentication. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network. \n\nProof of Concept for this vulnerability\n\nSend a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt\n\n2. Broken Session Management\n\nA successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid. \n\nProof of Concept for this vulnerability\n\n1. From computer A, open a web browser and login to the modem/router\u0027s web portal using the administrator ID. \n2. From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt\n\n3. File and Data Exposure\n\nThe router\u0027s configuration file contains the hardware information as well as all of the user\u0027s credentials. This includes the customer\u0027s name and WAN account, the TR-069 credential of the telecom company and the web portal\u0027s admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure. \n\nProof of Concept for this vulnerability\n\na. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt\nb. Decipher the downloaded rommfile.cfg using Caesar cipher. \n\n4. Web Parameter Tampering\n\nSome of the router\u0027s restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data. \n\nProof of Concept for this vulnerability\n\na. Open a web browser and redirect traffic to localhost:8080. \nb. Open burb proxy and intercept traffic coming from the browser. \nc. Login to the router\u0027s web portal and go to the page where the protected values are located. \nd. Find the reference to the hidden values in the form and modify it. \ne. Submit the request to the router. Refresh the browser to see the modified protected values. \n\nScreenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz\n\nThe following CVE\u0027s precedes the above and were found as fixed:\n\nCVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed. \nCVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. \nCVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. \n\nResearchers:\nFederick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6437"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "BID",
"id": "69808"
},
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "PACKETSTORM",
"id": "128254"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-74381",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74381"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6437",
"trust": 3.5
},
{
"db": "BID",
"id": "69808",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128254",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04209",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "39314",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-74381",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "BID",
"id": "69808"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"id": "VAR-201801-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "VULHUB",
"id": "VHN-74381"
}
],
"trust": 1.4857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
}
]
},
"last_update_date": "2024-11-23T22:07:05.593000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/128254/aztech-dsl5018en-dsl705e-dsl705eu-dos-broken-session-management.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/69808"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6437"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6437"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/533489/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6436"
},
{
"trust": 0.1,
"url": "http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "VULHUB",
"id": "VHN-74381"
},
{
"db": "BID",
"id": "69808"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-74381"
},
{
"date": "2014-09-15T00:00:00",
"db": "BID",
"id": "69808"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"date": "2014-09-15T19:44:56",
"db": "PACKETSTORM",
"id": "128254"
},
{
"date": "2014-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"date": "2018-01-12T17:29:00.397000",
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-74381"
},
{
"date": "2014-09-23T00:01:00",
"db": "BID",
"id": "69808"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008489"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1207"
},
{
"date": "2024-11-21T02:14:23.020000",
"db": "NVD",
"id": "CVE-2014-6437"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech Modem Routers Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04209"
},
{
"db": "BID",
"id": "69808"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1207"
}
],
"trust": 0.6
}
}
VAR-201801-0071
Vulnerability from variot - Updated: 2024-11-23 22:07cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. plural Aztech ADSL The device contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. AztechDSL5018EN, DSL705E and DSL705EU are router products of the Aztech Group of Singapore. A denial of service vulnerability exists in several Aztech routers. An attacker could exploit the vulnerability to crash an affected device, causing a denial of service. Aztech DSL5018EN, DSL705E and DSL705EU are vulnerable. The vulnerability is due to the fact that the program does not perform authentication detection. PRODUCT DESCRIPTION
The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU.
Vendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html
- Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network.
Proof of Concept for this vulnerability
Send a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt
- Broken Session Management
A successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid.
Proof of Concept for this vulnerability
- From computer A, open a web browser and login to the modem/router's web portal using the administrator ID.
-
From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt
-
File and Data Exposure
The router's configuration file contains the hardware information as well as all of the user's credentials. This includes the customer's name and WAN account, the TR-069 credential of the telecom company and the web portal's admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure.
Proof of Concept for this vulnerability
a. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt b. Decipher the downloaded rommfile.cfg using Caesar cipher.
- Web Parameter Tampering
Some of the router's restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data.
Proof of Concept for this vulnerability
a. Open a web browser and redirect traffic to localhost:8080. b. Open burb proxy and intercept traffic coming from the browser. c. Login to the router's web portal and go to the page where the protected values are located. d. Find the reference to the hidden values in the form and modify it. e. Submit the request to the router. Refresh the browser to see the modified protected values.
Screenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz
The following CVE's precedes the above and were found as fixed:
CVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. CVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. CVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
Researchers: Federick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0071",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl dsl5018en \\",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705eu",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705e",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl5018en",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705e",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705eu",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "adsl dsl5018en",
"scope": null,
"trust": 0.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705e",
"scope": null,
"trust": 0.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705eu",
"scope": null,
"trust": 0.6,
"vendor": "aztech",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:aztech:adsl_dsl5018en_%281t1r%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705eu_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Federick Joe P Fajardo",
"sources": [
{
"db": "BID",
"id": "69809"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
}
],
"trust": 1.0
},
"cve": "CVE-2014-6435",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6435",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-04207",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-74379",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2014-6435",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6435",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-6435",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-04207",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1208",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-74379",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. plural Aztech ADSL The device contains an authentication vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. AztechDSL5018EN, DSL705E and DSL705EU are router products of the Aztech Group of Singapore. A denial of service vulnerability exists in several Aztech routers. An attacker could exploit the vulnerability to crash an affected device, causing a denial of service. \nAztech DSL5018EN, DSL705E and DSL705EU are vulnerable. The vulnerability is due to the fact that the program does not perform authentication detection. PRODUCT DESCRIPTION\n\nThe Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU. \n\nVendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html\n\n1. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network. \n\nProof of Concept for this vulnerability\n\nSend a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt\n\n2. Broken Session Management\n\nA successful authentication of a privilege (admin) ID in the web portal allows any attacker in the network to hijack and reuse the existing session in order to trick and allow the web server to execute administrative commands. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid. \n\nProof of Concept for this vulnerability\n\n1. From computer A, open a web browser and login to the modem/router\u0027s web portal using the administrator ID. \n2. From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt\n\n3. File and Data Exposure\n\nThe router\u0027s configuration file contains the hardware information as well as all of the user\u0027s credentials. This includes the customer\u0027s name and WAN account, the TR-069 credential of the telecom company and the web portal\u0027s admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure. \n\nProof of Concept for this vulnerability\n\na. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt\nb. Decipher the downloaded rommfile.cfg using Caesar cipher. \n\n4. Web Parameter Tampering\n\nSome of the router\u0027s restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data. \n\nProof of Concept for this vulnerability\n\na. Open a web browser and redirect traffic to localhost:8080. \nb. Open burb proxy and intercept traffic coming from the browser. \nc. Login to the router\u0027s web portal and go to the page where the protected values are located. \nd. Find the reference to the hidden values in the form and modify it. \ne. Submit the request to the router. Refresh the browser to see the modified protected values. \n\nScreenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz\n\nThe following CVE\u0027s precedes the above and were found as fixed:\n\nCVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed. \nCVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. \nCVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. \n\nResearchers:\nFederick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6435"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "BID",
"id": "69809"
},
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "PACKETSTORM",
"id": "128254"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-74379",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74379"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6435",
"trust": 3.5
},
{
"db": "BID",
"id": "69809",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "128254",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04207",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "39315",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-74379",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "BID",
"id": "69809"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"id": "VAR-201801-0071",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "VULHUB",
"id": "VHN-74379"
}
],
"trust": 1.2714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
}
]
},
"last_update_date": "2024-11-23T22:07:05.554000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/128254/aztech-dsl5018en-dsl705e-dsl705eu-dos-broken-session-management.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/69809"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6435"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6435"
},
{
"trust": 0.3,
"url": "http://www.aztech.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6436"
},
{
"trust": 0.1,
"url": "http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6437"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "BID",
"id": "69809"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"db": "VULHUB",
"id": "VHN-74379"
},
{
"db": "BID",
"id": "69809"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-74379"
},
{
"date": "2014-09-15T00:00:00",
"db": "BID",
"id": "69809"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"date": "2014-09-15T19:44:56",
"db": "PACKETSTORM",
"id": "128254"
},
{
"date": "2014-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"date": "2018-01-12T17:29:00.287000",
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04207"
},
{
"date": "2018-01-31T00:00:00",
"db": "VULHUB",
"id": "VHN-74379"
},
{
"date": "2014-09-23T00:01:00",
"db": "BID",
"id": "69809"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008487"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1208"
},
{
"date": "2024-11-21T02:14:22.717000",
"db": "NVD",
"id": "CVE-2014-6435"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Aztech ADSL Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008487"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1208"
}
],
"trust": 0.6
}
}
VAR-201801-0072
Vulnerability from variot - Updated: 2024-11-23 22:07Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. plural Aztech ADSL The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AztechModemRouters is a Modem and router all-in-one product from Aztech Group of Singapore. A session hijacking vulnerability exists in several AztechModemRouters products. An attacker could exploit the vulnerability to gain access to affected devices. A session hijacking vulnerability exists in multiple Aztech Modem Routers products, allowing remote attackers to exploit vulnerabilities to access devices for unauthorized operation in other user contexts. The vulnerability stems from the fact that the program does not manage sessions correctly. PRODUCT DESCRIPTION
The Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU.
Vendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html
- Denial of Service (DoS)
The CGI script that resets the WAN connectivity of the modem can be called directly from the web server with no authentication. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network.
Proof of Concept for this vulnerability
Send a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt
- The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid.
Proof of Concept for this vulnerability
- From computer A, open a web browser and login to the modem/router's web portal using the administrator ID.
-
From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt
-
File and Data Exposure
The router's configuration file contains the hardware information as well as all of the user's credentials. This includes the customer's name and WAN account, the TR-069 credential of the telecom company and the web portal's admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure.
Proof of Concept for this vulnerability
a. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt b. Decipher the downloaded rommfile.cfg using Caesar cipher.
- Web Parameter Tampering
Some of the router's restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data.
Proof of Concept for this vulnerability
a. Open a web browser and redirect traffic to localhost:8080. b. Open burb proxy and intercept traffic coming from the browser. c. Login to the router's web portal and go to the page where the protected values are located. d. Find the reference to the hidden values in the form and modify it. e. Submit the request to the router. Refresh the browser to see the modified protected values.
Screenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz
The following CVE's precedes the above and were found as fixed:
CVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed. CVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. CVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
Researchers: Federick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl dsl5018en \\",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705eu",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "dsl705e",
"scope": "eq",
"trust": 1.6,
"vendor": "aztech",
"version": null
},
{
"model": "modem routers",
"scope": null,
"trust": 1.2,
"vendor": "aztech",
"version": null
},
{
"model": "dsl5018en",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705e",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
},
{
"model": "dsl705eu",
"scope": null,
"trust": 0.8,
"vendor": "aztech group",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:aztech:adsl_dsl5018en_%281t1r%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:aztech:dsl705eu_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eric Fajardo",
"sources": [
{
"db": "BID",
"id": "69811"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
}
],
"trust": 0.9
},
"cve": "CVE-2014-6436",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-6436",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-04208",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-06214",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-74380",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-6436",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-6436",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2014-6436",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-04208",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-06214",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1209",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-74380",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-6436",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. plural Aztech ADSL The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AztechModemRouters is a Modem and router all-in-one product from Aztech Group of Singapore. A session hijacking vulnerability exists in several AztechModemRouters products. An attacker could exploit the vulnerability to gain access to affected devices. A session hijacking vulnerability exists in multiple Aztech Modem Routers products, allowing remote attackers to exploit vulnerabilities to access devices for unauthorized operation in other user contexts. The vulnerability stems from the fact that the program does not manage sessions correctly. PRODUCT DESCRIPTION\n\nThe Aztech ADSL family of modems/routes are shipped to residential and SOHO users that desires speed from 150-300mbps rate. This modem/router also supports IEEE802.11b/g/n as a Wireless LAN Access point. The vulnerable model numbers are: DSL5018EN (1T1R) (Shipped with Globe Telecom in the Philippines), DSL705E and DSL705EU. \n\nVendor reference: http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html\n\n1. Denial of Service (DoS)\n\nThe CGI script that resets the WAN connectivity of the modem can be called directly from the web server with no authentication. Sending a crafted HTTP GET request to the router via /cgi-bin/AZ_Retrain.cgi will allow an attacker to execute code that could potentially lead to Denial of Service (DoS) attack and may terminate or all established Internet connections in the network. \n\nProof of Concept for this vulnerability\n\nSend a GET request to the cgi-bin/AZ_Retrain.cgi to reset the WAN connection: http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt\n\n2. The command may be freely executed from any terminal in the network as long as the session of the privilege ID is valid. \n\nProof of Concept for this vulnerability\n\n1. From computer A, open a web browser and login to the modem/router\u0027s web portal using the administrator ID. \n2. From computer B, open a terminal session and make a POST request to the router: http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt\n\n3. File and Data Exposure\n\nThe router\u0027s configuration file contains the hardware information as well as all of the user\u0027s credentials. This includes the customer\u0027s name and WAN account, the TR-069 credential of the telecom company and the web portal\u0027s admin username and password. A malicious attacker can send a direct GET request to the cgi-bin/userromfile.cgi script and download the ROM file. Although the ROM file is a ciphered text, this can be deciphered using a weak substitution technique (ROT 24) which could potentially lead to data exposure. \n\nProof of Concept for this vulnerability\n\na. Send a GET request to the router using cgi-bin/userromfile.cgi via curl: http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt\nb. Decipher the downloaded rommfile.cfg using Caesar cipher. \n\n4. Web Parameter Tampering\n\nSome of the router\u0027s restricted and disabled settings can be acquired by checking the hidden fields in forms. Most of these settings can be manipulated by intercepting the data and manipulating the values upon submission. The below example shows how we manipulated the Access Control List in order to enable Telnet in the WAN section of the control panel before submitting the data. \n\nProof of Concept for this vulnerability\n\na. Open a web browser and redirect traffic to localhost:8080. \nb. Open burb proxy and intercept traffic coming from the browser. \nc. Login to the router\u0027s web portal and go to the page where the protected values are located. \nd. Find the reference to the hidden values in the form and modify it. \ne. Submit the request to the router. Refresh the browser to see the modified protected values. \n\nScreenshots: http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz\n\nThe following CVE\u0027s precedes the above and were found as fixed:\n\nCVE-2008-6588 _ Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed. \nCVE-2008-6554 _ cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. \nCVE-2007-4733 _ The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077. \n\nResearchers:\nFederick Joe Fajardo / fjpfajardo(at)ph.ibm.com, Lorenzo Miguel Flores / floresl(at)ph.ibm.com\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-6436"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "BID",
"id": "69811"
},
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"db": "PACKETSTORM",
"id": "128254"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-74380",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39316",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-6436",
"trust": 3.6
},
{
"db": "BID",
"id": "69811",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "128254",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04208",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-06214",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "39316",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-74380",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-6436",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"db": "BID",
"id": "69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"id": "VAR-201801-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "VULHUB",
"id": "VHN-74380"
}
],
"trust": 2.0857143000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
}
]
},
"last_update_date": "2024-11-23T22:07:05.509000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.securityfocus.com/bid/69811"
},
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/128254/aztech-dsl5018en-dsl705e-dsl705eu-dos-broken-session-management.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6436"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6436"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/533489/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/39316/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6435"
},
{
"trust": 0.1,
"url": "http://www.aztech.com/prod_adsl_dsl5018en_1t1r.html"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/aztech.img.tgz"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6437"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azpass.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azgetconf.txt"
},
{
"trust": 0.1,
"url": "http://x.arpa.ph/fjpf/aztech-exploits/azreset.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"db": "VULHUB",
"id": "VHN-74380"
},
{
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"db": "BID",
"id": "69811"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"db": "PACKETSTORM",
"id": "128254"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-74380"
},
{
"date": "2018-01-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"date": "2014-09-15T00:00:00",
"db": "BID",
"id": "69811"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"date": "2014-09-15T19:44:56",
"db": "PACKETSTORM",
"id": "128254"
},
{
"date": "2014-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"date": "2018-01-12T17:29:00.350000",
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04208"
},
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06214"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-74380"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-6436"
},
{
"date": "2014-09-23T00:01:00",
"db": "BID",
"id": "69811"
},
{
"date": "2018-02-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008488"
},
{
"date": "2018-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1209"
},
{
"date": "2024-11-21T02:14:22.870000",
"db": "NVD",
"id": "CVE-2014-6436"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Aztech ADSL Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1209"
}
],
"trust": 0.6
}
}
VAR-201409-1171
Vulnerability from variot - Updated: 2022-05-17 02:10Aztech ADSL2/2+ Routers are ADSL router devices. Multiple Aztech ADSL2/2+ Routers products have security vulnerabilities: 1, /cgi-bin/AZ_Retrain.cgi failed to properly handle user-submitted HTTP GET requests, which can lead to link interruption. 2. The WEB interface session management privilege ID verification has a problem, allowing an attacker to reuse the session execution management command. 3. The attacker can obtain sensitive configuration information by sending a request to the cgi-bin/userromfile.cgi script to download the ROM file. 4. The router fails to properly process the user request, allowing the attacker to operate the WEB parameters, change settings, and so on. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations on the affected device. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-1171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl2/2+",
"scope": "eq",
"trust": 0.6,
"vendor": "aztech",
"version": "3.7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Federick Joe P Fajardo",
"sources": [
{
"db": "BID",
"id": "69810"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-06155",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-06155",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aztech ADSL2/2+ Routers are ADSL router devices. Multiple Aztech ADSL2/2+ Routers products have security vulnerabilities: 1, /cgi-bin/AZ_Retrain.cgi failed to properly handle user-submitted HTTP GET requests, which can lead to link interruption. 2. The WEB interface session management privilege ID verification has a problem, allowing an attacker to reuse the session execution management command. 3. The attacker can obtain sensitive configuration information by sending a request to the cgi-bin/userromfile.cgi script to download the ROM file. 4. The router fails to properly process the user request, allowing the attacker to operate the WEB parameters, change settings, and so on. An attacker could use this vulnerability to bypass security restrictions and perform unauthorized operations on the affected device. This may aid in further attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
},
{
"db": "BID",
"id": "69810"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "69810",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-06155",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"db": "BID",
"id": "69810"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
]
},
"id": "VAR-201409-1171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
}
]
},
"last_update_date": "2022-05-17T02:10:37.671000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://seclists.org/bugtraq/2014/sep/88"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69810"
},
{
"trust": 0.3,
"url": "http://www.aztech.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"db": "BID",
"id": "69810"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"db": "BID",
"id": "69810"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"date": "2014-09-15T00:00:00",
"db": "BID",
"id": "69810"
},
{
"date": "2014-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06155"
},
{
"date": "2014-09-15T00:00:00",
"db": "BID",
"id": "69810"
},
{
"date": "2014-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1187"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple Aztech ADSL2/2+ routers",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06155"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "69810"
}
],
"trust": 0.3
}
}
CVE-2008-6588 (GCVE-0-2008-6588)
Vulnerability from nvd – Published: 2009-04-03 18:00 – Updated: 2024-08-07 11:34
VLAI
Summary
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/51229 | vdb-entryx_refsource_OSVDB |
| http://archives.neohapsis.com/archives/vuln-dev/2… | mailing-listx_refsource_VULN-DEV |
| http://archives.neohapsis.com/archives/vuln-dev/2… | mailing-listx_refsource_VULN-DEV |
Date Public
2008-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "aztech-router-default-password(50068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "aztech-router-default-password(50068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aztech-router-default-password(50068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"refsource": "OSVDB",
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6588",
"datePublished": "2009-04-03T18:00:00.000Z",
"dateReserved": "2009-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:47.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6554 (GCVE-0-2008-6554)
Vulnerability from nvd – Published: 2009-03-30 20:00 – Updated: 2024-08-07 11:34
VLAI
Summary
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29551 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/490100/100… | mailing-listx_refsource_BUGTRAQ |
| http://core.ifconfig.se/~core/?p=21 | x_refsource_MISC |
| http://www.securityfocus.com/bid/28458 | vdb-entryx_refsource_BID |
| http://osvdb.org/44267 | vdb-entryx_refsource_OSVDB |
Date Public
2008-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:46.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44267"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"name": "http://core.ifconfig.se/~core/?p=21",
"refsource": "MISC",
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"refsource": "OSVDB",
"url": "http://osvdb.org/44267"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6554",
"datePublished": "2009-03-30T20:00:00.000Z",
"dateReserved": "2009-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:46.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4733 (GCVE-0-2007-4733)
Vulnerability from nvd – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
Summary
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3093 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1018641 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/45877 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/478314/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3093",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3093",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3093",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"refsource": "OSVDB",
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4733",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6588 (GCVE-0-2008-6588)
Vulnerability from cvelistv5 – Published: 2009-04-03 18:00 – Updated: 2024-08-07 11:34
VLAI
Summary
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/51229 | vdb-entryx_refsource_OSVDB |
| http://archives.neohapsis.com/archives/vuln-dev/2… | mailing-listx_refsource_VULN-DEV |
| http://archives.neohapsis.com/archives/vuln-dev/2… | mailing-listx_refsource_VULN-DEV |
Date Public
2008-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:47.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "aztech-router-default-password(50068)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "aztech-router-default-password(50068)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"tags": [
"mailing-list",
"x_refsource_VULN-DEV"
],
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aztech ADSL2/2+ 4-port router has a default \"isp\" account with a default \"isp\" password, which allows remote attackers to obtain access if this default is not changed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aztech-router-default-password(50068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50068"
},
{
"name": "51229",
"refsource": "OSVDB",
"url": "http://osvdb.org/51229"
},
{
"name": "20080418 Aztech ADSL2/2+ 4 Port default password",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0010.html"
},
{
"name": "20080421 Re: Aztech ADSL2/2+ 4 Port default password",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2008-q2/0012.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6588",
"datePublished": "2009-04-03T18:00:00.000Z",
"dateReserved": "2009-04-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:47.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6554 (GCVE-0-2008-6554)
Vulnerability from cvelistv5 – Published: 2009-03-30 20:00 – Updated: 2024-08-07 11:34
VLAI
Summary
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/29551 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/490100/100… | mailing-listx_refsource_BUGTRAQ |
| http://core.ifconfig.se/~core/?p=21 | x_refsource_MISC |
| http://www.securityfocus.com/bid/28458 | vdb-entryx_refsource_BID |
| http://osvdb.org/44267 | vdb-entryx_refsource_OSVDB |
Date Public
2008-03-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:34:46.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/44267"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/44267"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aztech-adsl224-interface-command-execution(41492)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41492"
},
{
"name": "29551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29551"
},
{
"name": "20080326 Aztech ADSL2/2+ 4 Port remote root",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490100/100/0/threaded"
},
{
"name": "http://core.ifconfig.se/~core/?p=21",
"refsource": "MISC",
"url": "http://core.ifconfig.se/~core/?p=21"
},
{
"name": "28458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28458"
},
{
"name": "44267",
"refsource": "OSVDB",
"url": "http://osvdb.org/44267"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6554",
"datePublished": "2009-03-30T20:00:00.000Z",
"dateReserved": "2009-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T11:34:46.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4733 (GCVE-0-2007-4733)
Vulnerability from cvelistv5 – Published: 2007-09-06 19:00 – Updated: 2024-08-07 15:08
VLAI
Summary
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3093 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1018641 | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/45877 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/478314/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2007-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3093",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3093",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3093",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3093"
},
{
"name": "1018641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018641"
},
{
"name": "45877",
"refsource": "OSVDB",
"url": "http://osvdb.org/45877"
},
{
"name": "20070830 Aztech router DSL600EU IP and ARP spoof",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/478314/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4733",
"datePublished": "2007-09-06T19:00:00.000Z",
"dateReserved": "2007-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:08:33.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}