Aztech Router Security Shock: Unauthenticated Password Change Exploit
Aztech DSL5005EN Router users, beware! Your router’s admin password can be changed without logging in. Thanks to Amir Hossein Jamshidi, unauthorized password changes are now easier than finding socks that match. Remember, with great internet comes great responsibility. Secure your network before someone sets your password to “password123”.
Hot Take:
It seems like Aztech’s DSL5005EN router has decided to join the “open-door” policy movement, but instead of being welcoming, it’s letting folks change admin passwords without even knocking. Talk about being a pushover! With this new security blunder, you can be a password-changing ninja without even having to log in. Next up, routers that make you coffee and croissants on command!
Key Points:
- The Aztech DSL5005EN router has a vulnerability allowing unauthenticated admin password changes.
- This exploit is executed through a simple POST request to the router’s sysAccess.asp page.
- The exploit requires only the device’s IP address and a new password to be set.
- The vulnerability does not have an assigned CVE yet.
- The exploit was authored by Amir Hossein Jamshidi and tested on a Linux system.
Already a member? Log in here