Details of VAR-200710-0020

ID

VAR-200710-0020

CVE

CVE-2007-5385

TITLE

BT Home Hub Used in etc. Thomson/Alcatel SpeedTouch 7G Router cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-002764

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. BT Home Hub Used in etc. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device

Trust: 1.98

sources: NVD: CVE-2007-5385 // JVNDB: JVNDB-2007-002764 // BID: 25972 // VULHUB: VHN-28747

AFFECTED PRODUCTS

vendor:	alcatel	model:	speedtouch 7g router	scope:	eq	version:	*	Trust: 1.0
vendor:	bt	model:	home hub	scope:	eq	version:	*	Trust: 1.0
vendor:	bt	model:	home hub	scope:	lte	version:	6.2.6.b	Trust: 0.8
vendor:	alcatel lucent	model:	speedtouch 7g router	scope:	-	version:	-	Trust: 0.8
vendor:	alcatel	model:	speedtouch 7g router	scope:	-	version:	-	Trust: 0.6
vendor:	thomson	model:	tg585 router	scope:	eq	version:	0	Trust: 0.3
vendor:	bt	model:	home hub .b	scope:	eq	version:	6.2.6	Trust: 0.3
vendor:	bt	model:	home hub	scope:	eq	version:	6.2.2.6	Trust: 0.3
vendor:	bt	model:	home hub	scope:	eq	version:	0	Trust: 0.3
vendor:	alcatel	model:	speedtouch 7g	scope:	-	version:	-	Trust: 0.3

sources: BID: 25972 // JVNDB: JVNDB-2007-002764 // NVD: CVE-2007-5385 // CNNVD: CNNVD-200710-212

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-5385
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200710-212
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28747
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-5385
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-28747
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28747 // JVNDB: JVNDB-2007-002764 // NVD: CVE-2007-5385 // CNNVD: CNNVD-200710-212

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-28747 // JVNDB: JVNDB-2007-002764 // NVD: CVE-2007-5385

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-212

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200710-212

CONFIGURATIONS

sources: NVD: CVE-2007-5385

PATCH

title:	Top Page	url:	http://www.alcatel-lucent.com/alcatel/	Trust: 0.8
title:	Top Page	url:	http://www.bt.com/	Trust: 0.8

sources: JVNDB: JVNDB-2007-002764

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5385	Trust: 2.8
db:	BID	id:	25972	Trust: 2.0
db:	SREASON	id:	3213	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002764	Trust: 0.8
db:	BUGTRAQ	id:	20071008 BT HOME FLUB: PWNIN THE BT HOME HUB	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-212	Trust: 0.6
db:	VULHUB	id:	VHN-28747	Trust: 0.1

sources: VULHUB: VHN-28747 // BID: 25972 // JVNDB: JVNDB-2007-002764 // NVD: CVE-2007-5385 // CNNVD: CNNVD-200710-212

REFERENCES

url:	http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub	Trust: 2.0
url:	http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/	Trust: 2.0
url:	http://www.securityfocus.com/bid/25972	Trust: 1.7
url:	http://securityreason.com/securityalert/3213	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/481835/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5385	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5385	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded	Trust: 0.6
url:	http://www.homehub.bt.com/	Trust: 0.3
url:	http://www.gnucitizen.org/blog/call-jacking	Trust: 0.3
url:	http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems	Trust: 0.3
url:	/archive/1/481835	Trust: 0.3
url:	/archive/1/486081	Trust: 0.3
url:	/archive/1/517314	Trust: 0.3

sources: VULHUB: VHN-28747 // BID: 25972 // JVNDB: JVNDB-2007-002764 // NVD: CVE-2007-5385 // CNNVD: CNNVD-200710-212

CREDITS

Adrian Pastor※ m123303@richmond.ac.uk

Trust: 0.6

sources: CNNVD: CNNVD-200710-212

SOURCES

db:	VULHUB	id:	VHN-28747
db:	BID	id:	25972
db:	JVNDB	id:	JVNDB-2007-002764
db:	NVD	id:	CVE-2007-5385
db:	CNNVD	id:	CNNVD-200710-212

LAST UPDATE DATE

2023-12-18T11:00:38.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28747	date:	2018-10-15T00:00:00
db:	BID	id:	25972	date:	2011-04-04T20:05:00
db:	JVNDB	id:	JVNDB-2007-002764	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-5385	date:	2018-10-15T21:44:14.937
db:	CNNVD	id:	CNNVD-200710-212	date:	2007-10-15T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28747	date:	2007-10-12T00:00:00
db:	BID	id:	25972	date:	2007-10-08T00:00:00
db:	JVNDB	id:	JVNDB-2007-002764	date:	2012-06-26T00:00:00
db:	NVD	id:	CVE-2007-5385	date:	2007-10-12T01:17:00
db:	CNNVD	id:	CNNVD-200710-212	date:	2007-10-11T00:00:00