CVE-2014-6437
published 2018-01-12CVE-2014-6437: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving…
PriorityP266critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
15.50%
96.4th percentile
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests to /cgi-bin/userromfile.cgi (also in percent-encoded form %63%67%69%2d%62%69%6e%2f%75%73%65%72%72%6f%6d%66%69%6c%65%2e%63%67%69) on Aztech DSL routers, which retrieves the full device ROM/configuration file. ↗
- →The exploit uses the Referer header value 'http:///cgi-bin/admSettings.asp' (triple-slash, no host) — flag HTTP requests to the device with this anomalous Referer as a strong indicator of exploitation. ↗
- →Monitor for HTTP responses containing device configuration data (romfile.cfg) originating from Aztech DSL5018EN (1T1R), DSL705E, and DSL705EU devices, indicating successful information disclosure via the ROM file endpoint. ↗
- ·The exploit targets port 80 by default (HTTP), but the actual port is user-supplied — detection rules should not be restricted to port 80 alone. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.htmlhttp://www.securityfocus.com/archive/1/533489/100/0/threadedhttp://www.securityfocus.com/bid/69808http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.htmlhttp://www.securityfocus.com/archive/1/533489/100/0/threadedhttp://www.securityfocus.com/bid/69808
2018-01-12
Published