CVE-2025-0697

5.3 MEDIUM

📋 TL;DR

This vulnerability in Telstra Smart Modem Gen 2 allows remote attackers to inject malicious content via manipulated HTTP Content-Disposition headers. Attackers could potentially execute arbitrary code or compromise the modem's functionality. All users of Telstra Smart Modem Gen 2 devices with firmware up to January 15, 2025 are affected.

💻 Affected Systems

Products:

• Telstra Smart Modem Gen 2

Versions: All versions up to 20250115

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices with default configurations are vulnerable. No special configuration required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network traffic interception, and lateral movement into connected networks.

🟠

Likely Case

Denial of service, configuration manipulation, or limited command injection affecting modem functionality.

🟢

If Mitigated

Minimal impact if devices are behind firewalls with strict inbound filtering and regular monitoring.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing modem devices.

🏢 Internal Only: MEDIUM - Internal exploitation possible if attacker gains network access, but requires specific targeting.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept code is publicly available on GitHub. Exploitation requires sending specially crafted HTTP requests to the modem's web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

1. Contact Telstra support for firmware update information. 2. Check for firmware updates via modem web interface. 3. Apply any available updates and restart the device.

🔧 Temporary Workarounds

Disable Remote Management

all

Disable remote administration/management features on the modem to prevent external exploitation.

Network Segmentation

all

Place modems in isolated network segments with strict firewall rules limiting inbound connections.

🧯 If You Can't Patch

• Implement strict network access controls to limit connections to modem management interface
• Monitor network traffic for unusual HTTP requests targeting modem IP addresses

🔍 How to Verify

Check if Vulnerable:

Copy

Check firmware version via modem web interface (typically at 192.168.0.1 or 192.168.1.1) and compare against vulnerable versions.

Check Version:

Copy

curl -s http://modem-ip/status | grep firmware or check web interface

Verify Fix Applied:

Copy

Verify firmware version is newer than 20250115 and test with known exploit payloads.

📡 Detection & Monitoring

Log Indicators:

• Unusual HTTP requests with manipulated Content-Disposition headers
• Multiple failed authentication attempts to modem interface

Network Indicators:

• HTTP requests to modem IP on port 80/443 with unusual header patterns
• Outbound connections from modem to unknown destinations

SIEM Query:

Copy

sourceIP=modem_ip AND (http.method=POST OR http.method=GET) AND http.headers CONTAINS "Content-Disposition" AND http.headers CONTAINS "injection"

📊 Metadata

CVE ID: CVE-2025-0697

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: CWE-74

EPSS Score: 0.1% exploit probability (26.6th percentile)

Published: January 24, 2025

Last Updated: January 24, 2025

🔗 References

• https://github.com/bloodbile/Telstra-RHI
• https://vuldb.com/?ctiid.293223
• https://vuldb.com/?id.293223
• https://vuldb.com/?submit.480045

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0697, you might also want to check these:

CVE-2026-25520 10.0

SandboxJS versions before 0.8.29 have a critical sandbox escape vulnerability that allows attackers ...

Same vulnerability type (CWE-74)

CVE-2026-25586 10.0

This CVE describes a sandbox escape vulnerability in SandboxJS library versions before 0.8.29. Attac...

Same vulnerability type (CWE-74)

CVE-2025-20281 10.0

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers...

Same vulnerability type (CWE-74)