Introduction

Responsible disclosure is a cornerstone of security research, but the process can sometimes be incredibly frustrating. In early 2023, I independently discovered a critical Remote Code Execution (RCE) vulnerability in the Airtel ASEE 1447 fiber router.

When I initially reached out to report the vulnerabilities, the vendor claimed verbally that they were already aware of the issues. However, after multiple follow-ups yielded absolutely no response or action, I submitted another formal report to ensure there was a clear paper trail.

That submission was promptly brushed off. Their official response stated: “We were aware of all this bug, when asked again it was a duplicate.” Subsequent requests for an expected patch date were entirely ignored. I no longer have the physical hardware on hand to verify if a patch was ever actually rolled out, so I am publishing this as a retrospective on my findings.

During the initial analysis, I identified that the Airtel ASEE 1447 is essentially a white-labeled Alphion ASEE 1443. To confirm the scope of the vulnerability, I tested the exact same exploit chain against the base Alphion ASEE 1443 hardware, and it worked flawlessly.

Vulnerability Summary

  • Vulnerability Type: Remote Code Execution (RCE)
  • Target Devices: Airtel ASEE 1447 Fiber Router
  • Base Hardware: Alphion ASEE 1443 (Exploit confirmed working)
  • Affected Firmware Version: 7.6.H.A0.05.12
  • Discovery Date: Jan or Feb 2023
  • Vendor Response: Marked as Duplicate (“We were aware of all this bug…”)
  • Patch Status: Unknown (Unable to verify due to lack of response)

Findings & Proof of Concept

Since the disclosure was closed as a duplicate and significant time has passed without any communication on a patch, I am making my original report publicly available for the community.

Rather than a full, deep-dive firmware analysis, the document linked below serves as a straightforward Proof of Concept (PoC). It outlines the exact steps and payloads required to practically exploit each vulnerability I identified.

📄 Read the Vulnerability PoC Report (PDF)