vulnerability alert 7336
Thomson SpeedTouch: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities in Thomson SpeedTouch allow an attacker to conduct Cross Site Scripting attacks or to elevate his privileges.
Severity: 2/4.
Creation date: 12/11/2007.
Description of the vulnerability
Several vulnerabilities were announced in Thomson SpeedTouch.
The modem does not protect against CSRF attacks. [severity: 2/4]
An attacker can conduct several Cross Site Scripting attacks. [severity: 2/4]
An attacker can use a double slash to bypass authentication. [severity: 2/4]
An attacker can access advanced features without entering a password. [severity: 2/4]
An attacker can access saved features. [severity: 2/4]
Complete Vigil@nce bulletin
Characteristics
Title: Thomson SpeedTouch: several vulnerabilities.
Keywords: CSRF Cross Scripting Site SpeedTouch Thomson several vulnerabilities.
Identifiers: BID-25972, BID-26808, VIGILANCE-VUL-7336.
Information sources
Supplements
Vulnerability: System-wide CSRF
The modem does not protect against CSRF attacks.
Severity: 2/4.
Vulnerability: XSS
An attacker can conduct several Cross Site Scripting attacks.
Severity: 2/4.
Vulnerability: Double-slash Authentication Bypass
An attacker can use a double slash to bypass authentication.
Severity: 2/4.
Vulnerability: A-to-C authentication bypass
An attacker can access advanced features without entering a password.
Severity: 2/4.
Vulnerability: Privilege Escalation
An attacker can access saved features.
Severity: 2/4.
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.