CVE-2025-0697 in Smart Modem Gen 2
Summary
by MITRE • 01/24/2025
A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 06/10/2026
This entry covers an injection flaw in Telstra Smart Modem Gen 2 firmware up to version 20250115, located in the HTTP Header Handler component and reachable through the Content-Disposition header. The public summary does not say where the header value is consumed; what it does establish is that the value is not validated before the handler processes it, so an attacker who controls it can inject content the handler was not designed to accept. Note that "problematic" is VulDB's lowest severity tier, below "critical" and "very critical", so the evidence available for this entry points to a limited-impact injection rather than a full device compromise. The entry maps the weakness to CWE-94 (Improper Control of Generation of Code, "Code Injection"). Because the affected value is an HTTP header, a practitioner should keep the header-injection variants of the class in mind as well, in particular CWE-113 (CR/LF sequences in HTTP headers, "HTTP Response Splitting"), until the vendor or a public write-up pins down the sink. The attack vector is remote: no physical access to the device is needed, which matters for equipment that sits at the edge of residential and small-business networks.
Exploitation, as far as the summary describes it, consists of sending the modem an HTTP request in which the Content-Disposition value is crafted so that the handler accepts attacker-controlled content. The most common form of this class is a filename or similar parameter that is written into, or parsed out of, the header without stripping carriage-return, line-feed, quote and control characters, which lets the attacker terminate the header early and append header lines or a body of their own. Whether the Telstra handler goes further than that, to the point of evaluating injected content as code as the CWE-94 mapping suggests, has not been demonstrated publicly, and the problematic rating argues against assuming arbitrary command execution or complete system compromise. What the entry does show is weak input validation in a network-facing header parser, which is exactly the kind of component that should be treated as hostile-input territory. The vendor did not respond to the early disclosure, so no fix or vendor advisory is known, and the details are now public.
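The following is an added illustration of the class described above, not code from the Telstra firmware or from VulDB: a naive Content-Disposition builder next to a hardened one, with a minimal response serialiser so the effect of a split header is visible as extra header lines. The attacker-supplied filename is constructed here for the demonstration and is not a known request format for the modem.

```python
import re
from urllib.parse import quote

# Constructed attacker input (hypothetical; the modem's actual request
# format is not public): a "filename" that carries CR/LF so a naive
# header builder emits an extra header line and a body.
MALICIOUS_FILENAME = (
    'report.txt\r\n'
    'Set-Cookie: session=attacker\r\n'
    '\r\n'
    '<html>injected</html>'
)

CONTROL_CHARS = re.compile(r'[\x00-\x1f\x7f]')


def content_disposition_vulnerable(filename: str) -> str:
    """Naive builder: interpolates the name without validation, so CR/LF
    in the input terminates the header early (HTTP response splitting)."""
    return f'attachment; filename="{filename}"'


def content_disposition_hardened(filename: str) -> str:
    """Hardened builder: an ASCII-only fallback with control characters,
    quotes and backslashes removed, plus an RFC 6266/5987 filename*
    parameter that percent-encodes everything outside the unreserved set,
    so CR/LF can only ever appear as %0D%0A."""
    fallback = CONTROL_CHARS.sub('', filename)
    fallback = fallback.replace('\\', '').replace('"', '')
    fallback = fallback.encode('ascii', 'ignore').decode('ascii') or 'download'
    encoded = quote(filename, safe='')
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"


def header_is_split(header_value: str) -> bool:
    """A single header value must never contain a bare CR or LF."""
    return '\r' in header_value or '\n' in header_value


def serialize_response(builder, filename: str) -> bytes:
    """Emit a minimal HTTP/1.1 response the way a naive server would,
    so a split header shows up as additional header lines."""
    lines = [
        'HTTP/1.1 200 OK',
        'Content-Type: application/octet-stream',
        'Content-Disposition: ' + builder(filename),
        '',
        '',
    ]
    return '\r\n'.join(lines).encode('utf-8')


def response_header_names(raw: bytes) -> list:
    """Parse the header block of a serialised response and return the
    header names a client would actually see, in order."""
    head = raw.partition(b'\r\n\r\n')[0]
    names = []
    for line in head.split(b'\r\n')[1:]:  # skip the status line
        name, sep, _ = line.partition(b':')
        if sep:
            names.append(name.decode('ascii', 'replace').strip())
    return names


if __name__ == '__main__':
    for builder in (content_disposition_vulnerable, content_disposition_hardened):
        raw = serialize_response(builder, MALICIOUS_FILENAME)
        print(builder.__name__, '->', response_header_names(raw))
```

With the naive builder the client sees three headers, the injected Set-Cookie among them, followed by an attacker-chosen body; with the hardened builder the same input yields a single Content-Disposition header whose filename* parameter carries the CR/LF only as %0D%0A. The design point is that filtering alone is fragile (the fallback still loses non-ASCII names), so the encoded parameter carries the real name and the fallback only has to be harmless.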
The operational impact is shaped by the device's role: the Smart Modem Gen 2 is the gateway for residential and small-business networks, so a weakness in its HTTP handling is a weakness at the network boundary. If the injection can be escalated beyond what the summary documents, an attacker could observe or redirect traffic or use the modem as a pivot into the LAN. In ATT&CK terms the initial access maps to T1190 (Exploit Public-Facing Application), with the modem's HTTP interface as the target, rather than to T1071.004 (Application Layer Protocol: DNS) or T1566 (Phishing), neither of which describes a direct HTTP request to a header parser. A gateway that handles all of a network's internet traffic is a worthwhile target for persistent access, surveillance or data exfiltration, which is why even a low-rated flaw in its HTTP stack deserves attention.
Until a firmware update ships, the practical controls are exposure reduction and monitoring. Disable remote (WAN-side) management of the modem's web interface so the HTTP Header Handler is reachable only from the LAN, restrict LAN access to the management interface to trusted hosts, and keep the administrator credentials unique and strong. On the detection side, inspect traffic to the modem for Content-Disposition values containing raw or percent-encoded CR/LF sequences, unterminated quoted filenames, path traversal or shell metacharacters, since these are the patterns an injection attempt against a header parser will carry; an IDS or a WAF in front of the management interface can alert on them. Segment the modem's management network from general client traffic where the topology allows it. The larger lesson is the usual one for consumer network equipment: a remotely reachable flaw at the gateway with no vendor response leaves firmware updates and vendor accountability as the only durable fix, so track the entry for a patched firmware version and apply it as soon as it appears.
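As an added example of the monitoring suggested above (this is not VulDB's or Telstra's code), the following scanner pulls filename values out of every Content-Disposition header line in a raw HTTP message or multipart body and applies generic header-injection heuristics to them. The sample bodies are constructed for the demonstration, the rules are indicators for the class rather than signatures for this CVE, and the field names and labels are the author's own choices.

```python
import re

# Constructed sample multipart upload bodies (not captured from a real
# device); each carries one Content-Disposition part header.
SAMPLES = {
    "benign": (
        b'--b\r\n'
        b'Content-Disposition: form-data; name="file"; filename="config.bin"\r\n'
        b'Content-Type: application/octet-stream\r\n\r\nDATA\r\n--b--\r\n'
    ),
    "encoded_crlf": (
        b'--b\r\n'
        b'Content-Disposition: form-data; name="file"; filename="x.bin%0d%0aX-Injected: 1"\r\n'
        b'\r\nDATA\r\n--b--\r\n'
    ),
    "raw_crlf": (
        b'--b\r\n'
        b'Content-Disposition: form-data; name="file"; filename="x.bin\r\nX-Injected: 1"\r\n'
        b'\r\nDATA\r\n--b--\r\n'
    ),
    "shell": (
        b'--b\r\n'
        b'Content-Disposition: form-data; name="file"; filename="x.bin;$(id).bin"\r\n'
        b'\r\nDATA\r\n--b--\r\n'
    ),
    "traversal": (
        b'--b\r\n'
        b'Content-Disposition: form-data; name="file"; filename="../../etc/passwd"\r\n'
        b'\r\nDATA\r\n--b--\r\n'
    ),
}

# filename= or filename*= followed by a quoted string or a bare token.
FILENAME_RE = re.compile(rb'filename\*?=(?:"([^"]*)"|([^;\s]*))', re.IGNORECASE)

# Heuristics applied to each extracted filename value. These are generic
# header-injection indicators chosen for this example, not CVE signatures.
RULES = [
    # The quote was never closed on its line: a raw CR/LF ended the header.
    ("split-header", lambda v: v.startswith(b'"')),
    ("encoded-crlf", re.compile(rb'%0[dDaA]').search),
    ("path-traversal", re.compile(rb'(^|[\\/])\.\.([\\/]|$)|^[\\/]|^[A-Za-z]:[\\/]').search),
    ("shell-metachar", re.compile(rb'[;|&`$<>()]').search),
    ("control-char", re.compile(rb'[\x00-\x1f\x7f]').search),
]


def extract_filenames(raw: bytes) -> list:
    """Return the filename values from every Content-Disposition header
    line in a raw HTTP message or multipart body."""
    names = []
    for line in raw.split(b'\n'):
        line = line.rstrip(b'\r')
        if not line.lower().startswith(b'content-disposition:'):
            continue
        for m in FILENAME_RE.finditer(line):
            names.append(m.group(1) if m.group(1) is not None else m.group(2))
    return names


def scan(raw: bytes, max_len: int = 255) -> list:
    """Return the labels of every rule that fires on the message, in rule
    order and without duplicates; an empty list means nothing suspicious."""
    findings = []
    for value in extract_filenames(raw):
        for label, test in RULES:
            if test(value) and label not in findings:
                findings.append(label)
        if len(value) > max_len and "overlong" not in findings:
            findings.append("overlong")
    return findings


if __name__ == '__main__':
    for name, body in SAMPLES.items():
        print(f'{name:13s} {scan(body)}')
```

The raw CR/LF case is worth noting: the injected line feed has already split the header by the time a line-oriented parser sees it, so the giveaway is not a CR/LF inside the value but a quoted filename that never closes on its own line. Feeding this to a sensor means reassembling request bodies, so in practice it belongs in a WAF or an IDS with HTTP body inspection rather than in flow-level logging.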