Sign-up

ID

VAR-200603-0483


CVE

CVE-2006-0947


TITLE

Thomson SpeedTouch 500 Series Cross-Site Scripting Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2006-1177 // BID: 16839

DESCRIPTION

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device

Trust: 1.8

sources: NVD: CVE-2006-0947 // CNVD: CNVD-2006-1177 // BID: 16839 // VULHUB: VHN-17055

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1177

AFFECTED PRODUCTS

vendor:thomsonmodel:speedtouchscope:eqversion:576_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:530_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:536_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:546_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:516_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:585_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:580_5.3.2.6.0

Trust: 1.6

vendor:speedtouchmodel:thomson 516 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 530 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 536 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 546 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 576 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 580 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 585 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:thomsonmodel:speedtouchscope:eqversion:5855.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5805.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5765.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5465.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5365.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5305.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5165.3.2.6.0

Trust: 0.3

sources: CNVD: CNVD-2006-1177 // BID: 16839 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0947
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-1177
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200602-411
value: HIGH

Trust: 0.6

VULHUB: VHN-17055
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0947
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1177
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-17055
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-1177 // VULHUB: VHN-17055 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-411

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200602-411

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-17055

EXTERNAL IDS
db:BIDid:16839
Trust: 2.6
db:NVDid:CVE-2006-0947
Trust: 2.3
db:SECUNIAid:19069
Trust: 1.7
db:VUPENid:ADV-2006-0765
Trust: 1.7
db:SECTRACKid:1015688
Trust: 1.7
db:CNNVDid:CNNVD-200602-411
Trust: 0.7
db:CNVDid:CNVD-2006-1177
Trust: 0.6
db:BUGTRAQid:20060226 THOMSON SPEEDTOUCH 500 MODEMS VULNERABLE TO XSS
Trust: 0.6
db:EXPLOIT-DBid:27319
Trust: 0.1
db:SEEBUGid:SSVID-80932
Trust: 0.1
db:VULHUBid:VHN-17055
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-1177 // 
            
            
            
            VULHUB: VHN-17055 // 
            
            
            
            BID: 16839 // 
            
            
            
            CNNVD: CNNVD-200602-411 // 
            
            
            
            NVD: CVE-2006-0947

REFERENCES
url:http://www.securityfocus.com/bid/16839
Trust: 2.3
url:http://www.securityfocus.com/archive/1/426186
Trust: 1.7
url:http://securitytracker.com/id?1015688
Trust: 1.7
url:http://secunia.com/advisories/19069
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/0765
Trust: 1.1
url:http://www.frsirt.com/english/advisories/2006/0765
Trust: 0.6
url:http://www.speedtouchdsl.com/homeprod_dsl.htm
Trust: 0.3
url:/archive/1/426186
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2006-1177 // 
            
            
            
            VULHUB: VHN-17055 // 
            
            
            
            BID: 16839 // 
            
            
            
            CNNVD: CNNVD-200602-411 // 
            
            
            
            NVD: CVE-2006-0947

CREDITS
Preben Nyl?kken is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 16839 // 
            
            
            
            CNNVD: CNNVD-200602-411

SOURCES
db:CNVDid:CNVD-2006-1177
db:VULHUBid:VHN-17055
db:BIDid:16839
db:CNNVDid:CNNVD-200602-411
db:NVDid:CVE-2006-0947

LAST UPDATE DATE
2024-08-14T15:09:44.430000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-1177date:2006-02-28T00:00:00
db:VULHUBid:VHN-17055date:2011-03-08T00:00:00
db:BIDid:16839date:2006-03-01T05:16:00
db:CNNVDid:CNNVD-200602-411date:2006-03-01T00:00:00
db:NVDid:CVE-2006-0947date:2011-03-08T02:31:25.737

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-1177date:2006-02-28T00:00:00
db:VULHUBid:VHN-17055date:2006-03-01T00:00:00
db:BIDid:16839date:2006-02-25T00:00:00
db:CNNVDid:CNNVD-200602-411date:2006-02-28T00:00:00
db:NVDid:CVE-2006-0947date:2006-03-01T02:02:00