HTTP Header Injection Vulnerability in Telstra Smart Modem Gen 2
CVE-2025-0697

6.9MEDIUM

Key Information:

Vendor

Telstra

Status
Smart Modem Gen 2
Vendor
CVE Published:
24 January 2025

What is CVE-2025-0697?

A vulnerability has been discovered in the Telstra Smart Modem Gen 2 that affects its HTTP Header Handler component. This vulnerability allows an attacker to manipulate the Content-Disposition HTTP header, potentially leading to injection attacks. Remote exploitation is possible, and the vendor was notified of this issue without any response. Users are advised to remain vigilant and consider potential implications for their network security.

Affected Version(s)

Smart Modem Gen 2 20250115

References

https://vuldb.com/?id.293223
vdb-entrytechnical-description
https://vuldb.com/?ctiid.293223
signaturepermissions-required
https://vuldb.com/?submit.480045
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

grunge (VulDB User)
.
CVE-2025-0697 : HTTP Header Injection Vulnerability in Telstra Smart Modem Gen 2