Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0947


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0947
Last Modified 07 Mar 2011 09:31:25
Published 28 Feb 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Thomson SpeedTouch modem running firmware allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.

Vulnerable Systems


VUPEN - ADV-2006-0765

BID - 16839

BUGTRAQ - 20060226 Thomson SpeedTouch 500 modems vulnerable to XSS

SECTRACK - 1015688

SECUNIA - 19069

Last Updated: 27 May 2016 10:41:52