CVE-2005-0494

Published Feb 21, 2005

Last updated 7 years ago

Overview

Description: The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:thomson:thomson_cable_modem:tcw690:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64693F84-4564-4AF3-B778-09BAA10189C0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References