
CVE-2025-0697: Telstra Smart Modem Gen 2 HTTP Header injection

6.9 CVSS

Description

A vulnerability classified as problematic was found in Telstra Smart Modem Gen 2 up to 20250115. It affects an unknown part of the HTTP Header Handler component. Manipulating the Content-Disposition argument with unknown input leads to injection. The attack can be initiated remotely over the network. The vendor was contacted early about this disclosure but did not respond in any way.

Classification

CVE ID: CVE-2025-0697

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.9

Affected Products

Vendor: Telstra

Product: Smart Modem Gen 2

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 23.35% (share of other vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-21 (when this score was calculated)

References

https://vuldb.com/?id.293223
https://vuldb.com/?ctiid.293223
https://vuldb.com/?submit.480045
https://github.com/bloodbile/Telstra-RHI

Timeline