Details of VAR-200711-0147

ID

VAR-200711-0147

CVE

CVE-2007-6003

TITLE

Thomson SpeedTouch 716 of cgi/b/ic/connect Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-006334

DESCRIPTION

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Input passed to the "url" parameter in /cgi/b/ic/connect/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in firmware version 5.4.0.14. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Remco ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6003 // JVNDB: JVNDB-2007-006334 // BID: 25972 // VULHUB: VHN-29365 // PACKETSTORM: 61021

AFFECTED PRODUCTS

vendor:	thomson	model:	speedtouch	scope:	eq	version:	716	Trust: 2.4
vendor:	thomson	model:	tg585 router	scope:	eq	version:	0	Trust: 0.3
vendor:	bt	model:	home hub .b	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	bt	model:	home hub	scope:	eq	version:	6.2.2.6	Trust: 0.3
vendor:	bt	model:	home hub	scope:	eq	version:	0	Trust: 0.3
vendor:	alcatel	model:	speedtouch 7g	scope:	-	version:	-	Trust: 0.3

sources: BID: 25972 // JVNDB: JVNDB-2007-006334 // CNNVD: CNNVD-200711-243 // NVD: CVE-2007-6003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6003
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-6003
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200711-243
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-29365
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-6003
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29365
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29365 // JVNDB: JVNDB-2007-006334 // CNNVD: CNNVD-200711-243 // NVD: CVE-2007-6003

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-29365 // JVNDB: JVNDB-2007-006334 // NVD: CVE-2007-6003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-243

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 61021 // CNNVD: CNNVD-200711-243

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006334

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29365

PATCH

title:

SpeedTouch

url:

http://www.technicolor.com/en/hi/about-technicolor/technicolor-at-a-glance/technicolor-s-other-brands/tab/thomson

Trust: 0.8

sources: JVNDB: JVNDB-2007-006334

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6003	Trust: 2.8
db:	SECUNIA	id:	27564	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-006334	Trust: 0.8
db:	XF	id:	38419	Trust: 0.6
db:	CNNVD	id:	CNNVD-200711-243	Trust: 0.6
db:	BID	id:	25972	Trust: 0.3
db:	EXPLOIT-DB	id:	30882	Trust: 0.1
db:	SEEBUG	id:	SSVID-84240	Trust: 0.1
db:	VULHUB	id:	VHN-29365	Trust: 0.1
db:	PACKETSTORM	id:	61021	Trust: 0.1

sources: VULHUB: VHN-29365 // BID: 25972 // JVNDB: JVNDB-2007-006334 // PACKETSTORM: 61021 // CNNVD: CNNVD-200711-243 // NVD: CVE-2007-6003

REFERENCES

url:	http://secunia.com/advisories/27564	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38419	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6003	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6003	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/38419	Trust: 0.6
url:	http://www.homehub.bt.com/	Trust: 0.3
url:	http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/	Trust: 0.3
url:	http://www.gnucitizen.org/blog/call-jacking	Trust: 0.3
url:	http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems	Trust: 0.3
url:	/archive/1/481835	Trust: 0.3
url:	/archive/1/486081	Trust: 0.3
url:	/archive/1/517314	Trust: 0.3
url:	http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub	Trust: 0.3
url:	http://secunia.com/product/16520/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/27564/	Trust: 0.1
url:	http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-29365 // BID: 25972 // JVNDB: JVNDB-2007-006334 // PACKETSTORM: 61021 // CNNVD: CNNVD-200711-243 // NVD: CVE-2007-6003

CREDITS

Adrian Pastor m123303@richmond.ac.uk

Trust: 0.6

sources: CNNVD: CNNVD-200711-243

SOURCES

db:	VULHUB	id:	VHN-29365
db:	BID	id:	25972
db:	JVNDB	id:	JVNDB-2007-006334
db:	PACKETSTORM	id:	61021
db:	CNNVD	id:	CNNVD-200711-243
db:	NVD	id:	CVE-2007-6003

LAST UPDATE DATE

2025-04-10T21:55:46.753000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29365	date:	2017-07-29T00:00:00
db:	BID	id:	25972	date:	2011-04-04T20:05:00
db:	JVNDB	id:	JVNDB-2007-006334	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200711-243	date:	2007-11-16T00:00:00
db:	NVD	id:	CVE-2007-6003	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29365	date:	2007-11-15T00:00:00
db:	BID	id:	25972	date:	2007-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2007-006334	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	61021	date:	2007-11-20T16:17:55
db:	CNNVD	id:	CNNVD-200711-243	date:	2007-10-08T00:00:00
db:	NVD	id:	CVE-2007-6003	date:	2007-11-15T22:46:00