Aztech DSL5005EN Unauthenticated Password Change Vulnerability in sysAccess.asp

A vulnerability exists in the Aztech DSL5005EN router, specifically in the firmware version 1.00.AZ_2013-05-10, allowing unauthenticated attackers to change the administrator password. This is achieved by sending a crafted POST request to the sysAccess.asp page. Exploiting this vulnerability grants full administrative control of the router without the need for authentication.

Impact

Exploitation of this vulnerability allows for unauthorized password changes, leading to unauthorized administrative access on the affected router.

Reproduction

To reproduce this vulnerability, send an HTTP POST request to '/sysAccess.asp' with parameters that include the new password and a password confirmation. The request will overwrite the existing admin password, allowing access as an administrator.