Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2006-0947

Published: Mar 01, 2006 | Modified: Mar 08, 2011
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2006-0947
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the 31 parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.

Affected Software

Name Vendor Start Version End Version
Speedtouch Thomson 516_5.3.2.6.0 (including) 516_5.3.2.6.0 (including)
Speedtouch Thomson 530_5.3.2.6.0 (including) 530_5.3.2.6.0 (including)
Speedtouch Thomson 536_5.3.2.6.0 (including) 536_5.3.2.6.0 (including)
Speedtouch Thomson 546_5.3.2.6.0 (including) 546_5.3.2.6.0 (including)
Speedtouch Thomson 576_5.3.2.6.0 (including) 576_5.3.2.6.0 (including)
Speedtouch Thomson 580_5.3.2.6.0 (including) 580_5.3.2.6.0 (including)
Speedtouch Thomson 585_5.3.2.6.0 (including) 585_5.3.2.6.0 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use