cbcvebase.
CVE-2014-6437
published 2018-01-12

CVE-2014-6437: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving…

PriorityP266critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
15.50%
96.4th percentile
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/userromfile.cgi
filenameromfile.cfg
  • Detect unauthenticated HTTP GET requests to /cgi-bin/userromfile.cgi (also in percent-encoded form %63%67%69%2d%62%69%6e%2f%75%73%65%72%72%6f%6d%66%69%6c%65%2e%63%67%69) on Aztech DSL routers, which retrieves the full device ROM/configuration file.
  • The exploit uses the Referer header value 'http:///cgi-bin/admSettings.asp' (triple-slash, no host) — flag HTTP requests to the device with this anomalous Referer as a strong indicator of exploitation.
  • Monitor for HTTP responses containing device configuration data (romfile.cfg) originating from Aztech DSL5018EN (1T1R), DSL705E, and DSL705EU devices, indicating successful information disclosure via the ROM file endpoint.
  • ·The exploit targets port 80 by default (HTTP), but the actual port is user-supplied — detection rules should not be restricted to port 80 alone.

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.