CVE-2025-56241 - Vulnerability Details

Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control of the router without authentication.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aztech	Dsl5005en

No data.

References

Link	Providers
https://gist.github.com/amirhosseinjamshidi64/cca123a0dda5a17f3708ffc2dd2a7a45
https://github.com/amirhosseinjamshidi64/Aztech-POC
https://www.exploit-db.com/exploits/52093

History

Thu, 25 Sep 2025 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Aztech Aztech dsl5005en
Vendors & Products		Aztech Aztech dsl5005en

Wed, 24 Sep 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control of the router without authentication.
References		https://gist.github.com/amirhosseinjamshidi64/cca123a0dda5a17f3708ffc2dd2a7a45 https://github.com/amirhosseinjamshidi64/Aztech-POC https://www.exploit-db.com/exploits/52093

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-09-24T00:00:00.000Z

Updated: 2025-09-24T17:57:30.166Z

Reserved: 2025-08-16T00:00:00.000Z

Link: CVE-2025-56241

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-09-24T18:15:38.200

Modified: 2025-09-26T14:32:53.583

Link: CVE-2025-56241

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object