Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0947

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0947
Last Modified 07 Mar 2011 09:31:25
Published 28 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0947

Summary

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.

Vulnerable Systems


References

VUPEN - ADV-2006-0765

BID - 16839

BUGTRAQ - 20060226 Thomson SpeedTouch 500 modems vulnerable to XSS

SECTRACK - 1015688

SECUNIA - 19069


Last Updated: 27 May 2016 10:41:52