ID

VAR-200603-0483


CVE

CVE-2006-0947


TITLE

Thomson SpeedTouch 500 Series Cross-Site Scripting Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2006-1177 // BID: 16839

DESCRIPTION

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device

Trust: 1.8

sources: NVD: CVE-2006-0947 // CNVD: CNVD-2006-1177 // BID: 16839 // VULHUB: VHN-17055

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-1177

AFFECTED PRODUCTS

vendor:thomsonmodel:speedtouchscope:eqversion:576_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:530_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:536_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:546_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:516_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:585_5.3.2.6.0

Trust: 1.6

vendor:thomsonmodel:speedtouchscope:eqversion:580_5.3.2.6.0

Trust: 1.6

vendor:speedtouchmodel:thomson 516 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 530 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 536 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 546 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 576 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 580 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:speedtouchmodel:thomson 585 5.3.2.6.0scope: - version: -

Trust: 0.6

vendor:thomsonmodel:speedtouchscope:eqversion:5855.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5805.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5765.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5465.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5365.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5305.3.2.6.0

Trust: 0.3

vendor:thomsonmodel:speedtouchscope:eqversion:5165.3.2.6.0

Trust: 0.3

sources: CNVD: CNVD-2006-1177 // BID: 16839 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0947
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-1177
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200602-411
value: HIGH

Trust: 0.6

VULHUB: VHN-17055
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-0947
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-1177
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-17055
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-1177 // VULHUB: VHN-17055 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0947

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200602-411

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200602-411

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-17055

EXTERNAL IDS

db:BIDid:16839

Trust: 2.6

db:NVDid:CVE-2006-0947

Trust: 2.3

db:SECUNIAid:19069

Trust: 1.7

db:VUPENid:ADV-2006-0765

Trust: 1.7

db:SECTRACKid:1015688

Trust: 1.7

db:CNNVDid:CNNVD-200602-411

Trust: 0.7

db:CNVDid:CNVD-2006-1177

Trust: 0.6

db:BUGTRAQid:20060226 THOMSON SPEEDTOUCH 500 MODEMS VULNERABLE TO XSS

Trust: 0.6

db:EXPLOIT-DBid:27319

Trust: 0.1

db:SEEBUGid:SSVID-80932

Trust: 0.1

db:VULHUBid:VHN-17055

Trust: 0.1

sources: CNVD: CNVD-2006-1177 // VULHUB: VHN-17055 // BID: 16839 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

REFERENCES

url:http://www.securityfocus.com/bid/16839

Trust: 2.3

url:http://www.securityfocus.com/archive/1/426186

Trust: 1.7

url:http://securitytracker.com/id?1015688

Trust: 1.7

url:http://secunia.com/advisories/19069

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0765

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0765

Trust: 0.6

url:http://www.speedtouchdsl.com/homeprod_dsl.htm

Trust: 0.3

url:/archive/1/426186

Trust: 0.3

sources: CNVD: CNVD-2006-1177 // VULHUB: VHN-17055 // BID: 16839 // CNNVD: CNNVD-200602-411 // NVD: CVE-2006-0947

CREDITS

Preben Nyl?kken is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 16839 // CNNVD: CNNVD-200602-411

SOURCES

db:CNVDid:CNVD-2006-1177
db:VULHUBid:VHN-17055
db:BIDid:16839
db:CNNVDid:CNNVD-200602-411
db:NVDid:CVE-2006-0947

LAST UPDATE DATE

2024-11-23T22:32:29.283000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-1177date:2006-02-28T00:00:00
db:VULHUBid:VHN-17055date:2011-03-08T00:00:00
db:BIDid:16839date:2006-03-01T05:16:00
db:CNNVDid:CNNVD-200602-411date:2006-03-01T00:00:00
db:NVDid:CVE-2006-0947date:2024-11-21T00:07:42.850

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-1177date:2006-02-28T00:00:00
db:VULHUBid:VHN-17055date:2006-03-01T00:00:00
db:BIDid:16839date:2006-02-25T00:00:00
db:CNNVDid:CNNVD-200602-411date:2006-02-28T00:00:00
db:NVDid:CVE-2006-0947date:2006-03-01T02:02:00