Vulnerability Details : CVE-2006-0947
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
Exploit prediction scoring system (EPSS) score for CVE-2006-0947
Probability of exploitation activity in the next 30 days: 5.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-0947
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-0947
Products affected by CVE-2006-0947
- cpe:2.3:h:thomson:speedtouch:546_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:576_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:530_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:536_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:580_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:585_5.3.2.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:thomson:speedtouch:516_5.3.2.6.0:*:*:*:*:*:*:*