Lucene search

[email protected]CVE-2005-0494

HistoryFeb 21, 2005 - 5:00 a.m.

CVE-2005-0494

2005-02-2105:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0494

thomson tcw690

cable modem

firmware 2.1

software st42.03.0a

http server

rgsecurity

lan

remote access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.

Affected configurations

NVD

Node

thomsonthomson_cable_modemMatchtcw690

CPENameOperatorVersion
thomson:thomson_cable_modemthomson thomson cable modemeqtcw690

CPE	Name	Operator	Version
thomson:thomson_cable_modem	thomson thomson cable modem	eq	tcw690

References

marc.info/?l=bugtraq&m=110886937131507&w=2

secunia.com/advisories/14353

exchange.xforce.ibmcloud.com/vulnerabilities/19387

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2005-0494

nvd1 cvelist1