Vendor: DSL5005EN Router
By: Amir Hossein Jamshidi
CVSS: 8.1 (CRITICAL)
Unauthenticated Password Change
CWE: 798
Product Name: DSL5005EN Router
Affected Version From: DSL5005EN
Affected Version To: DSL5005EN
Patch Exists: NO
Related CWE:
CPE: h:aztech:dsl5005en
Platforms Tested: Linux
2025
Aztech DSL5005EN Router Admin Password Change Vulnerability
The Aztech DSL5005EN router/modem allows an attacker to change the admin password without authentication, by sending a crafted HTTP request to the 'sysAccess.asp' endpoint. This could lead to unauthorized access and control of the device.
Mitigation:
Restrict network access to the router's administration interface and apply the latest firmware updates provided by the vendor.