Vulnerability Description
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thomson | Thomson Cable Modem | tcw690 |
References
- http://marc.info/?l=bugtraq&m=110886937131507&w=2
- http://secunia.com/advisories/14353Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19387
- http://marc.info/?l=bugtraq&m=110886937131507&w=2
- http://secunia.com/advisories/14353Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19387
FAQ
What is CVE-2005-0494?
CVE-2005-0494 is a vulnerability with a CVSS score of 7.5 (HIGH). The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows r...
How severe is CVE-2005-0494?
CVE-2005-0494 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0494?
Check the references section above for vendor advisories and patch information. Affected products include: Thomson Thomson Cable Modem.