CVE-2007-2649 : Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script,

Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.

Published 2007-05-14 21:19:00

Updated 2018-10-16 16:44:51

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2007-2649

Probability of exploitation activity in the next 30 days: 27.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-2649

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2007-2649

Products affected by CVE-2007-2649

T-com » Speedport W 700v
cpe:2.3:h:t-com:speedport_w_700v:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-2649

Exploit prediction scoring system (EPSS) score for CVE-2007-2649

CVSS scores for CVE-2007-2649

References for CVE-2007-2649

Products affected by CVE-2007-2649