Sign-up

ID

VAR-200701-0215


CVE

CVE-2007-0435


TITLE

T-Com Speedport 500V Vulnerability bypassing authentication in routers

Trust: 0.8

sources: JVNDB: JVNDB-2007-004983

DESCRIPTION

T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. Exploiting this issue allows attackers to gain unauthorized access to the device's administration interface. This can result in the compromise of the device and may facilitate attacks against computers connected to the device. T-Com Speed 500V with Firmware version 1.31 is vulnerable; other versions may also be affected. The Speedport 500V is a broadband router widely sold by German ADSL providers. Speedport only sets the cookie to the LOGINKEY=TECOM content (hard coded and cannot be changed) when authenticating the user's input password. If an attacker can create this cookie, he can bypass password authentication by directly calling the configuration HTML site, obtain unauthorized access, and change system configurations, such as disabling the firewall. While an attacker cannot change the system password without knowing the old password, it is possible to reset the password to the default via a firmware upgrade and gain full system access. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: T-Com Speedport Authentication Bypass SECUNIA ADVISORY ID: SA23853 VERIFY ADVISORY: http://secunia.com/advisories/23853/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: T-Com Speedport 500V 1.x http://secunia.com/product/13294/ DESCRIPTION: Virginity has reported a vulnerability in T-Com Speedport, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Use the device only in trusted networks. via a firewall). PROVIDED AND/OR DISCOVERED BY: Virginity ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-0435 // JVNDB: JVNDB-2007-004983 // BID: 22160 // VULHUB: VHN-23797 // PACKETSTORM: 53816

AFFECTED PRODUCTS

vendor:t commodel:speedport 500vscope:eqversion: -

Trust: 1.6

vendor:t commodel:speedport 500vscope:eqversion:1.31

Trust: 1.0

vendor:t commodel:speedport 500vscope:eqversion:firmware 1.31

Trust: 0.8

vendor:t commodel:speedport w500vscope:eqversion:1.30

Trust: 0.3

vendor:t commodel:speedportscope:eqversion:500v1.31

Trust: 0.3

vendor:mod500model:targa wr500 voip mod500scope: - version: -

Trust: 0.3

vendor:mod500model:speedport w500v mod500scope: - version: -

Trust: 0.3

vendor:mod500model:speedport mod500scope:eqversion:500v

Trust: 0.3

sources: BID: 22160 // JVNDB: JVNDB-2007-004983 // CNNVD: CNNVD-200701-374 // NVD: CVE-2007-0435

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0435
value: HIGH

Trust: 1.0

NVD: CVE-2007-0435
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200701-374
value: HIGH

Trust: 0.6

VULHUB: VHN-23797
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-0435
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-23797
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-23797 // JVNDB: JVNDB-2007-004983 // CNNVD: CNNVD-200701-374 // NVD: CVE-2007-0435

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-23797 // NVD: CVE-2007-0435

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-374

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200701-374

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-004983

EXTERNAL IDS
db:NVDid:CVE-2007-0435
Trust: 2.8
db:BIDid:22160
Trust: 2.0
db:SECUNIAid:23853
Trust: 1.8
db:OSVDBid:32995
Trust: 1.7
db:JVNDBid:JVNDB-2007-004983
Trust: 0.8
db:CNNVDid:CNNVD-200701-374
Trust: 0.7
db:BUGTRAQid:20070119 VIRGINITY SECURITY ADVISORY 2007-001 : T-COM SPEEDPORT 500V LOGIN BYPASS
Trust: 0.6
db:BUGTRAQid:20070122 RE: VIRGINITY SECURITY ADVISORY 2007-001 : T-COM SPEEDPORT 500V LOGIN BYPASS
Trust: 0.6
db:BUGTRAQid:20070216 RE: VIRGINITY SECURITY ADVISORY 2007-001 : T-COM SPEEDPORT 500V LOGIN BYPASS
Trust: 0.6
db:BUGTRAQid:20070121 RE: VIRGINITY SECURITY ADVISORY 2007-001 : T-COM SPEEDPORT 500V LOGIN BYPASS
Trust: 0.6
db:XFid:31621
Trust: 0.6
db:VULHUBid:VHN-23797
Trust: 0.1
db:PACKETSTORMid:53816
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23797 // 
            
            
            
            BID: 22160 // 
            
            
            
            JVNDB: JVNDB-2007-004983 // 
            
            
            
            PACKETSTORM: 53816 // 
            
            
            
            CNNVD: CNNVD-200701-374 // 
            
            
            
            NVD: CVE-2007-0435

REFERENCES
url:http://www.securityfocus.com/bid/22160
Trust: 1.7
url:http://osvdb.org/32995
Trust: 1.7
url:http://secunia.com/advisories/23853
Trust: 1.7
url:http://www.securityfocus.com/archive/1/457453/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/457645/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/457656/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/460319/100/0/threaded
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/31621
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0435
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0435
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/457453/100/0/threaded
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/31621
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/460319/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/457656/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/457645/100/0/threaded
Trust: 0.6
url:http://www2.dsl.t-online.de/dyn/c/55/30/93/5530934.html
Trust: 0.3
url:http://www.securityfocus.com/archive/1/457453/30/0/threaded
Trust: 0.3
url:/archive/1/460319
Trust: 0.3
url:/archive/1/457645
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/23853/
Trust: 0.1
url:http://secunia.com/software_inspector/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/13294/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-23797 // 
            
            
            
            BID: 22160 // 
            
            
            
            JVNDB: JVNDB-2007-004983 // 
            
            
            
            PACKETSTORM: 53816 // 
            
            
            
            CNNVD: CNNVD-200701-374 // 
            
            
            
            NVD: CVE-2007-0435

CREDITS
Virginity  advisory07@smtp.ru
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200701-374

SOURCES
db:VULHUBid:VHN-23797
db:BIDid:22160
db:JVNDBid:JVNDB-2007-004983
db:PACKETSTORMid:53816
db:CNNVDid:CNNVD-200701-374
db:NVDid:CVE-2007-0435

LAST UPDATE DATE
2025-04-10T23:16:52.158000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-23797date:2018-10-16T00:00:00
db:BIDid:22160date:2015-05-12T19:35:00
db:JVNDBid:JVNDB-2007-004983date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200701-374date:2007-01-23T00:00:00
db:NVDid:CVE-2007-0435date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-23797date:2007-01-23T00:00:00
db:BIDid:22160date:2007-01-22T00:00:00
db:JVNDBid:JVNDB-2007-004983date:2012-12-20T00:00:00
db:PACKETSTORMid:53816date:2007-01-22T15:23:39
db:CNNVDid:CNNVD-200701-374date:2007-01-22T00:00:00
db:NVDid:CVE-2007-0435date:2007-01-23T02:28:00