CVE-2006-0947
First published: Wed Mar 01 2006(Updated: )
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thomson SpeedTouch USB Driver | =516_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =530_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =536_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =546_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =576_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =580_5.3.2.6.0 | |
| Thomson SpeedTouch USB Driver | =585_5.3.2.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-0947?
CVE-2006-0947 has been classified with a medium severity due to its potential impact on user management in the affected Thomson SpeedTouch devices.
How do I fix CVE-2006-0947?
To mitigate CVE-2006-0947, update the Thomson SpeedTouch modem's firmware to a version that addresses this user creation vulnerability.
Which devices are affected by CVE-2006-0947?
CVE-2006-0947 affects Thomson SpeedTouch devices running firmware version 5.3.2.6.0, including models 516, 530, 536, 546, 576, 580, and 585.
Can attackers exploit CVE-2006-0947 remotely?
Yes, attackers can remotely exploit CVE-2006-0947 by using scripting code in the NewUser function to create unremovable users.
Why can't the administrator delete users created through CVE-2006-0947?
Users created through the vulnerability in CVE-2006-0947 cannot be deleted by the administrator due to improper filtering in the modem's user management feature.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/thomson
- canonical/thomson speedtouch usb driver
- version/thomson speedtouch usb driver/516_5.3.2.6.0
- version/thomson speedtouch usb driver/530_5.3.2.6.0
- version/thomson speedtouch usb driver/536_5.3.2.6.0
- version/thomson speedtouch usb driver/546_5.3.2.6.0
- version/thomson speedtouch usb driver/576_5.3.2.6.0
- version/thomson speedtouch usb driver/580_5.3.2.6.0
- version/thomson speedtouch usb driver/585_5.3.2.6.0