CVE-2007-5384
Summary
| CVE | CVE-2007-5384 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-12 01:17:00 UTC |
| Updated | 2018-10-15 21:44:00 UTC |
| Description | Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Alcatel | Speedtouch 7g Router | All | All | All | All |
| Hardware | Alcatel | Speedtouch 7g Router | All | All | All | All |
| Hardware | Bt | Home Hub | All | All | All | All |
| Hardware | Bt | Home Hub | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BT home router wide open to hijackers | The Register | MISC | www.theregister.co.uk | |
| BT Home Hub and Thomson/Alcatel Speedtouch 7G Multiple Vulnerabilities | BID | www.securityfocus.com | |
| BT Home Flub: Pwnin the BT Home Hub | GNUCITIZEN | MISC | www.gnucitizen.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| SecurityReason - BT Home Flub: Pwnin the BT Home Hub | SREASON | securityreason.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.