Описание
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:aztech:adsl_dsl5018en_\(1t1r\)_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:adsl_dsl5018en_\(1t1r\):-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.14747
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.
EPSS
Процентиль: 94%
0.14747
Средний
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-287