ID

VAR-200603-0482


CVE

CVE-2006-0946


TITLE

Thomson SpeedTouch Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-1160 // CNNVD: CNNVD-200602-430

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device.

Trust: 1.8

sources: NVD: CVE-2006-0946 // CNVD: CNVD-2006-1160 // BID: 16839 // VULHUB: VHN-17054

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1160

AFFECTED PRODUCTS

vendor: thomson | model: speedtouch | scope: eq | version: 576_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 530_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 536_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 546_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 516_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 585_5.3.2.6.0

Trust: 1.6

vendor: thomson | model: speedtouch | scope: eq | version: 580_5.3.2.6.0

Trust: 1.6

vendor: speedtouch | model: thomson 516 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 530 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 536 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 546 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 576 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 580 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: speedtouch | model: thomson 585 5.3.2.6.0 | scope: - | version: -

Trust: 0.6

vendor: thomson | model: speedtouch | scope: eq | version: 5855.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5805.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5765.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5465.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5365.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5305.3.2.6.0

Trust: 0.3

vendor: thomson | model: speedtouch | scope: eq | version: 5165.3.2.6.0

Trust: 0.3

sources: CNVD: CNVD-2006-1160 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0946
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2006-1160
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200602-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-17054
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0946
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1160
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-17054
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200602-430

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-17054

EXTERNAL IDS

db: BID | id: 16839

Trust: 2.6

db: NVD | id: CVE-2006-0946

Trust: 2.3

db: SECUNIA | id: 19069

Trust: 1.7

db: VUPEN | id: ADV-2006-0765

Trust: 1.7

db: SECTRACK | id: 1015688

Trust: 1.7

db: OSVDB | id: 23527

Trust: 1.7

db: CNNVD | id: CNNVD-200602-430

Trust: 0.7

db: CNVD | id: CNVD-2006-1160

Trust: 0.6

db: BUGTRAQ | id: 20060226 THOMSON SPEEDTOUCH 500 MODEMS VULNERABLE TO XSS

Trust: 0.6

db: XF | id: 24977

Trust: 0.6

db: EXPLOIT-DB | id: 27320

Trust: 0.1

db: SEEBUG | id: SSVID-80933

Trust: 0.1

db: VULHUB | id: VHN-17054

Trust: 0.1

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

REFERENCES

url:http://www.securityfocus.com/bid/16839

Trust: 2.3

url:http://www.securityfocus.com/archive/1/426186

Trust: 1.7

url:http://www.osvdb.org/23527

Trust: 1.7

url:http://securitytracker.com/id?1015688

Trust: 1.7

url:http://secunia.com/advisories/19069

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0765

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24977

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/24977

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/0765

Trust: 0.6

url:http://www.speedtouchdsl.com/homeprod_dsl.htm

Trust: 0.3

url:/archive/1/426186

Trust: 0.3

sources: CNVD: CNVD-2006-1160 // VULHUB: VHN-17054 // BID: 16839 // CNNVD: CNNVD-200602-430 // NVD: CVE-2006-0946

CREDITS

Preben Nyløkken is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16839 // CNNVD: CNNVD-200602-430

SOURCES

db: CNVD | id: CNVD-2006-1160
db: VULHUB | id: VHN-17054
db: BID | id: 16839
db: CNNVD | id: CNNVD-200602-430
db: NVD | id: CVE-2006-0946

LAST UPDATE DATE

2024-08-14T15:09:44.469000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2006-1160 | date: 2006-02-28T00:00:00
db: VULHUB | id: VHN-17054 | date: 2017-07-20T00:00:00
db: BID | id: 16839 | date: 2006-03-01T05:16:00
db: CNNVD | id: CNNVD-200602-430 | date: 2006-03-01T00:00:00
db: NVD | id: CVE-2006-0946 | date: 2017-07-20T01:30:11.880

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2006-1160 | date: 2006-02-28T00:00:00
db: VULHUB | id: VHN-17054 | date: 2006-03-01T00:00:00
db: BID | id: 16839 | date: 2006-02-25T00:00:00
db: CNNVD | id: CNNVD-200602-430 | date: 2006-02-28T00:00:00
db: NVD | id: CVE-2006-0946 | date: 2006-03-01T02:02:00