CVE-2014-6437 - OpenCVE

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Aztech	Dsl705eu Firmware Dsl705e Firmware Dsl705e Adsl Dsl5018en \(1t1r\) Dsl705eu Adsl Dsl5018en \(1t1r\) Firmware

Configuration 1 [-]

AND

cpe:2.3:o:aztech:adsl_dsl5018en_\(1t1r\)_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:aztech:adsl_dsl5018en_\(1t1r\):-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html	Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/533489/100/0/threaded
http://www.securityfocus.com/bid/69808	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-12T17:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2014-09-16T00:00:00

Link: CVE-2014-6437

JSON object: View

NVD Information

Status : Modified

Published: 2018-01-12T17:29:00.397

Modified: 2018-10-09T19:51:23.207

Link: CVE-2014-6437

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "69808", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69808"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"}, {"name": "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6437", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "69808", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69808"}, {"name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"}, {"name": "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6437", "datePublished": "2018-01-12T17:00:00", "dateReserved": "2014-09-16T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aztech:adsl_dsl5018en_\\(1t1r\\)_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7EAEBDA-7647-468C-B74E-0E5BFC9926DB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aztech:adsl_dsl5018en_\\(1t1r\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "D6DE6B23-0A44-4606-861D-B00123FDEC46", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aztech:dsl705e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6F0E1517-E45F-4BC6-9CE3-3458F3B321F5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aztech:dsl705e:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEE2578A-F0E4-43E2-A152-1CB50C10436E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:aztech:dsl705eu_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AB9E6C8-5E62-4829-87C3-9750824CF657", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:aztech:dsl705eu:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DDF7317-E11C-4B84-9D9A-1AFA70347305", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file."}, {"lang": "es", "value": "Los dispositivos Aztech ADSL DSL5018EN (1T1R), DSL705E y DSL705EU permiten que atacantes remotos obtengan informaci\u00f3n de configuraci\u00f3n sensible del dispositivo mediante vectores relacionados con el archivo ROM."}], "id": "CVE-2014-6437", "lastModified": "2018-10-09T19:51:23.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-12T17:29:00.397", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/69808"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}