CVE-2005-0494

Thomson TCW690 - RCE

Title source: llm

Description

The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by MurDoK · cremotehardware

https://www.exploit-db.com/exploits/829

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/19387

[Vendor Advisory] http://secunia.com/advisories/14353

[Mailing List] http://marc.info/?l=bugtraq&m=110886937131507&w=2

Scores

EPSS 0.0713

EPSS Percentile 91.6%

Details

Status published

Products (1)

thomson/thomson_cable_modem tcw690

Published Feb 21, 2005

Tracked Since Feb 18, 2026