Description
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Preben Nylokken · textremotehardware
https://www.exploit-db.com/exploits/27319
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015688
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16839
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0765
Exploit mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426186
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19069
Scores
EPSS
0.0571
EPSS Percentile
90.5%
Details
Status
published
Products (7)
thomson/speedtouch
516_5.3.2.6.0
thomson/speedtouch
530_5.3.2.6.0
thomson/speedtouch
536_5.3.2.6.0
thomson/speedtouch
546_5.3.2.6.0
thomson/speedtouch
576_5.3.2.6.0
thomson/speedtouch
580_5.3.2.6.0
thomson/speedtouch
585_5.3.2.6.0
Published
Mar 01, 2006
Tracked Since
Feb 18, 2026