CVE ID: CVE-2025-56241
Service Request Number: 1891479
Reporter / Discoverer: Amir Hossein Jamshidi
Public disclosure date: 2025-02-26
- Aztech DSL5005EN
- Tested firmware: 1.00.AZ_2013-05-10
- Other versions may be affected.
- Incorrect Access Control / Unauthenticated admin password change
- Impact: Privilege Escalation — attacker can obtain full administrative access by changing the admin password.
A remote attacker can send a specially crafted HTTP POST request to the web management endpoint /sysAccess.asp without authentication. The endpoint accepts the request's parameters and overwrites the administrator password, granting the attacker full administrative control of the device.
Attack vector: Remote, unauthenticated HTTP POST to /sysAccess.asp with crafted parameters that set/overwrite admin credentials.
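A detection sketch for the request described above, added here as an example (it is not part of the original gist or the public PoC): it scans access-log lines for POSTs to /sysAccess.asp that come from outside a management subnet. The log source (Common Log Format from a proxy or sensor in front of the device), the 192.168.1.0/24 management range and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: legitimate admin clients sit in this subnet; adjust for your network.
MGMT_NETS = [ipaddress.ip_network("192.168.1.0/24")]
TARGET_PATH = "/sysaccess.asp"  # endpoint named in the advisory, compared in lower case
# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE_LOG = [
    '192.168.1.10 - - [01/Mar/2025:10:00:01 +0000] "POST /sysAccess.asp HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2025:10:02:13 +0000] "POST /sysAccess.asp HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Mar/2025:10:05:44 +0000] "POST //SYSACCESS.ASP?x=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2025:10:06:02 +0000] "GET /sysAccess.asp HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Mar/2025:10:07:30 +0000] "POST /%73ysAccess.asp HTTP/1.1" 200 512',
]

def normalize_path(target):
    """Reduce a request target to a canonical lower-case path so variants still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]*", "", path)  # absolute-form target
    path = re.sub(r"/{2,}", "/", unquote(path))  # decode %xx, collapse repeated slashes
    return posixpath.normpath(path).lower()  # resolve "." and ".." segments

def is_mgmt(src):
    """True only if src is an IP address inside one of the management networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostname or malformed field: treat as untrusted
    return any(addr in net for net in MGMT_NETS)

def find_suspect_posts(lines):
    """Return (timestamp, source, status) for POSTs to the endpoint from outside MGMT_NETS."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) == TARGET_PATH and not is_mgmt(m["src"]):
            hits.append((m["ts"], m["src"], int(m["status"])))
    return hits

if __name__ == "__main__":
    print(*find_suspect_posts(SAMPLE_LOG), sep="\n")
```

Because the endpoint requires no authentication, the log alone cannot separate a legitimate password change from an unauthorized one; any hit from outside the management range warrants a credential reset and a review of the device configuration.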
- Send an HTTP POST to /sysAccess.asp with parameters as shown in the public PoC (links below). The request modifies the stored admin password value and allows subsequent login as administrator.
- (For safety, full exploit code is available at the referenced public resources; this gist contains a high-level summary only.)
- Exploit-DB (public disclosure, 26 Feb 2025): https://www.exploit-db.com/exploits/52093
- GitHub PoC repository (public): https://github.com/amirhosseinjamshidi64/Aztech-POC
- Vendor: Aztech
- Vendor contacted: Yes / No (if you contacted vendor, add date and contact details here).
- Status: Public disclosure on Exploit-DB. As of this gist publication, vendor response not available/acknowledged.
- This gist is provided as the public reference requested by the CVE Assignment Team and contains the minimum required information for CVE-2025-56241.
- If additional technical details are required by the CVE team, please contact the reporter at the email below.
Amir Hossein Jamshidi
email: amirhosseinjamshidi64@gmail.com