ID

VAR-200603-0482


CVE

CVE-2006-0946


TITLE

Thomson SpeedTouch Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-1160 // CNNVD: CNNVD-200602-430

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device

Trust: 1.8

sources: NVD: CVE-2006-0946 // CNVD: CNVD-2006-1160 // BID: 16839 // VULHUB: VHN-17054

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1160

AFFECTED PRODUCTS

vendor:thomsonmodel:speedtouchscope:eqversion:576_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:530_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:536_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:546_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:516_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:585_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:580_5.3.2.6.0

Trust: 1.6

vendor:speedtouchmodel:thomson 516 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 530 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 536 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 546 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 576 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 580 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 585 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:thomsonmodel:speedtouchscope:eqversion:5855.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5805.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5765.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5465.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5365.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5305.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5165.3.2.6.0

Trust: 0.3

sources: CNVD: CNVD-2006-1160 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0946
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-1160
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200602-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17054
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0946
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1160
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-17054
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200602-430

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-17054

EXTERNAL IDS

db:BIDid:16839

Trust: 2.6

db:NVDid:CVE-2006-0946

Trust: 2.3

db:SECUNIAid:19069

Trust: 1.7

db:VUPENid:ADV-2006-0765

Trust: 1.7

db:SECTRACKid:1015688

Trust: 1.7

db:OSVDBid:23527

Trust: 1.7

db:CNNVDid:CNNVD-200602-430

Trust: 0.7

db:CNVDid:CNVD-2006-1160

Trust: 0.6

db:BUGTRAQid:20060226 THOMSON SPEEDTOUCH 500 MODEMS VULNERABLE TO XSS

Trust: 0.6

db:XFid:24977

Trust: 0.6

db:EXPLOIT-DBid:27320

Trust: 0.1

db:SEEBUGid:SSVID-80933

Trust: 0.1

db:VULHUBid:VHN-17054

Trust: 0.1

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

REFERENCES

url:http://www.securityfocus.com/bid/16839

Trust: 2.3

url:http://www.securityfocus.com/archive/1/426186

Trust: 1.7

url:http://www.osvdb.org/23527

Trust: 1.7

url:http://securitytracker.com/id?1015688

Trust: 1.7

url:http://secunia.com/advisories/19069

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0765

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24977

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/24977

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0765

Trust: 0.6

url:http://www.speedtouchdsl.com/homeprod_dsl.htm

Trust: 0.3

url:/archive/1/426186

Trust: 0.3

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

CREDITS

Preben Nyl?kken is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16839 // CNNVD: CNNVD-200602-430

SOURCES

db:CNVDid:CNVD-2006-1160
db:VULHUBid:VHN-17054
db:BIDid:16839
db:CNNVDid:CNNVD-200602-430
db:NVDid:CVE-2006-0946

LAST UPDATE DATE

2024-11-23T22:32:29.315000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-1160date:2006-02-28T00:00:00
db:VULHUBid:VHN-17054date:2017-07-20T00:00:00
db:BIDid:16839date:2006-03-01T05:16:00
db:CNNVDid:CNNVD-200602-430date:2006-03-01T00:00:00
db:NVDid:CVE-2006-0946date:2024-11-21T00:07:42.720

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-1160date:2006-02-28T00:00:00
db:VULHUBid:VHN-17054date:2006-03-01T00:00:00
db:BIDid:16839date:2006-02-25T00:00:00
db:CNNVDid:CNNVD-200602-430date:2006-02-28T00:00:00
db:NVDid:CVE-2006-0946date:2006-03-01T02:02:00