Sign-up

ID

VAR-200711-0147


CVE

CVE-2007-6003


TITLE

Thomson SpeedTouch 716 of cgi/b/ic/connect Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-006334

DESCRIPTION

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. BT Home Hub and Thomson/Alcatel Speedtouch 7G routers are prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, a cross-site scripting issue, multiple HTML-injection issues, and multiple authentication-bypass issues. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. These issues affect the BT Home Hub and Thomson/Alcatel Speedtouch 7G routers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Input passed to the "url" parameter in /cgi/b/ic/connect/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in firmware version 5.4.0.14. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links. PROVIDED AND/OR DISCOVERED BY: Remco ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6003 // JVNDB: JVNDB-2007-006334 // BID: 25972 // VULHUB: VHN-29365 // PACKETSTORM: 61021

AFFECTED PRODUCTS

vendor:thomsonmodel:speedtouchscope:eqversion:716

Trust: 2.4

vendor:thomsonmodel:tg585 routerscope:eqversion:0

Trust: 0.3

vendor:btmodel:home hub .bscope:eqversion:6.2.6

Trust: 0.3

vendor:btmodel:home hubscope:eqversion:6.2.2.6

Trust: 0.3

vendor:btmodel:home hubscope:eqversion:0

Trust: 0.3

vendor:alcatelmodel:speedtouch 7gscope: - version: -

Trust: 0.3

sources: BID: 25972 // JVNDB: JVNDB-2007-006334 // NVD: CVE-2007-6003 // CNNVD: CNNVD-200711-243

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-6003
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-200711-243
value: MEDIUM

Trust: 0.6

VULHUB: VHN-29365
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2007-6003
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-29365
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-29365 // JVNDB: JVNDB-2007-006334 // NVD: CVE-2007-6003 // CNNVD: CNNVD-200711-243

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-29365 // JVNDB: JVNDB-2007-006334 // NVD: CVE-2007-6003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200711-243

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 61021 // CNNVD: CNNVD-200711-243

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2007-6003

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-29365

PATCH
title:SpeedTouchurl:http://www.technicolor.com/en/hi/about-technicolor/technicolor-at-a-glance/technicolor-s-other-brands/tab/thomson
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-006334

EXTERNAL IDS
db:NVDid:CVE-2007-6003
Trust: 2.8
db:SECUNIAid:27564
Trust: 1.8
db:JVNDBid:JVNDB-2007-006334
Trust: 0.8
db:XFid:38419
Trust: 0.6
db:CNNVDid:CNNVD-200711-243
Trust: 0.6
db:BIDid:25972
Trust: 0.3
db:EXPLOIT-DBid:30882
Trust: 0.1
db:SEEBUGid:SSVID-84240
Trust: 0.1
db:VULHUBid:VHN-29365
Trust: 0.1
db:PACKETSTORMid:61021
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29365 // 
            
            
            
            BID: 25972 // 
            
            
            
            JVNDB: JVNDB-2007-006334 // 
            
            
            
            PACKETSTORM: 61021 // 
            
            
            
            NVD: CVE-2007-6003 // 
            
            
            
            CNNVD: CNNVD-200711-243

REFERENCES
url:http://secunia.com/advisories/27564
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/38419
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6003
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6003
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/38419
Trust: 0.6
url:http://www.homehub.bt.com/
Trust: 0.3
url:http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/
Trust: 0.3
url:http://www.gnucitizen.org/blog/call-jacking
Trust: 0.3
url:http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems
Trust: 0.3
url:/archive/1/481835
Trust: 0.3
url:/archive/1/486081
Trust: 0.3
url:/archive/1/517314
Trust: 0.3
url:http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
Trust: 0.3
url:http://secunia.com/product/16520/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/27564/
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-29365 // 
            
            
            
            BID: 25972 // 
            
            
            
            JVNDB: JVNDB-2007-006334 // 
            
            
            
            PACKETSTORM: 61021 // 
            
            
            
            NVD: CVE-2007-6003 // 
            
            
            
            CNNVD: CNNVD-200711-243

CREDITS
Adrian Pastor m123303@richmond.ac.uk
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200711-243

SOURCES
db:VULHUBid:VHN-29365
db:BIDid:25972
db:JVNDBid:JVNDB-2007-006334
db:PACKETSTORMid:61021
db:NVDid:CVE-2007-6003
db:CNNVDid:CNNVD-200711-243

LAST UPDATE DATE
2023-12-18T10:55:01.797000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-29365date:2017-07-29T00:00:00
db:BIDid:25972date:2011-04-04T20:05:00
db:JVNDBid:JVNDB-2007-006334date:2012-12-20T00:00:00
db:NVDid:CVE-2007-6003date:2017-07-29T01:33:59.193
db:CNNVDid:CNNVD-200711-243date:2007-11-16T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-29365date:2007-11-15T00:00:00
db:BIDid:25972date:2007-10-08T00:00:00
db:JVNDBid:JVNDB-2007-006334date:2012-12-20T00:00:00
db:PACKETSTORMid:61021date:2007-11-20T16:17:55
db:NVDid:CVE-2007-6003date:2007-11-15T22:46:00
db:CNNVDid:CNNVD-200711-243date:2007-10-08T00:00:00