Details of VAR-200502-0054

ID

VAR-200502-0054

CVE

CVE-2005-0494

TITLE

Thomason cable modem RgSecurity Form Verification Remote Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200502-073

DESCRIPTION

The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request. Thomson Cable Modem is prone to a denial-of-service vulnerability

Trust: 1.26

sources: NVD: CVE-2005-0494 // BID: 90229 // VULHUB: VHN-11703

AFFECTED PRODUCTS

vendor:	thomson	model:	cable modem	scope:	eq	version:	tcw690	Trust: 1.6
vendor:	thomson	model:	cable modem tcw690	scope:	-	version:	-	Trust: 0.3

sources: BID: 90229 // CNNVD: CNNVD-200502-073 // NVD: CVE-2005-0494

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0494
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200502-073
value:	HIGH
Trust: 0.6
VULHUB:	VHN-11703
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0494
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11703
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11703 // CNNVD: CNNVD-200502-073 // NVD: CVE-2005-0494

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0494

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200502-073

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200502-073

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-11703

EXTERNAL IDS

db:	NVD	id:	CVE-2005-0494	Trust: 2.0
db:	SECUNIA	id:	14353	Trust: 1.7
db:	XF	id:	19387	Trust: 0.9
db:	CNNVD	id:	CNNVD-200502-073	Trust: 0.7
db:	XF	id:	690	Trust: 0.6
db:	BUGTRAQ	id:	20050219 THOMSON TCW690 POST PASSWORD VALIDATION VULNERABILITY	Trust: 0.6
db:	BID	id:	90229	Trust: 0.4
db:	EXPLOIT-DB	id:	829	Trust: 0.1
db:	VULHUB	id:	VHN-11703	Trust: 0.1

sources: VULHUB: VHN-11703 // BID: 90229 // CNNVD: CNNVD-200502-073 // NVD: CVE-2005-0494

REFERENCES

url:	http://secunia.com/advisories/14353	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/19387	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110886937131507&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110886937131507&w=2	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/19387	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=110886937131507&w=2	Trust: 0.1

sources: VULHUB: VHN-11703 // BID: 90229 // CNNVD: CNNVD-200502-073 // NVD: CVE-2005-0494

CREDITS

Unknown

Trust: 0.3

sources: BID: 90229

SOURCES

db:	VULHUB	id:	VHN-11703
db:	BID	id:	90229
db:	CNNVD	id:	CNNVD-200502-073
db:	NVD	id:	CVE-2005-0494

LAST UPDATE DATE

2024-08-14T14:29:29.508000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11703	date:	2017-07-11T00:00:00
db:	BID	id:	90229	date:	2005-02-21T00:00:00
db:	CNNVD	id:	CNNVD-200502-073	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0494	date:	2017-07-11T01:32:19.593

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11703	date:	2005-02-21T00:00:00
db:	BID	id:	90229	date:	2005-02-21T00:00:00
db:	CNNVD	id:	CNNVD-200502-073	date:	2005-02-21T00:00:00
db:	NVD	id:	CVE-2005-0494	date:	2005-02-21T05:00:00