CVE-2007-5384 (CNNVD-200710-214)
中文标题:
BT Home Hub和Thomson/Alcatel Speedtouch HTTPS会话劫持漏洞
英文标题:
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G rout...
漏洞描述
中文描述:
BT Home Hub和Speedtouch 7G都是家用的无线Internet路由器。 BT Home Hub和SpeedTouch 7G路由器中存在多个安全漏洞,允许远程攻击者通过执行不明POST请求执行管理员操作,具体表现为劫持远程协助在TCP端口51003 HTTPS会话。
英文描述:
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| alcatel | speedtouch_7g_router | * | - | - |
cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*
|
| bt | home_hub | * | - | - |
cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
AV:N/AC:M/Au:N/C:N/I:P/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2007-5384 |
2025-11-11 15:17:56 | 2025-11-11 07:32:47 |
| NVD | nvd_CVE-2007-5384 |
2025-11-11 14:52:12 | 2025-11-11 07:41:33 |
| CNNVD | cnnvd_CNNVD-200710-214 |
2025-11-11 15:08:58 | 2025-11-11 07:49:21 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 跨站请求伪造
- cnnvd_id: 未提取 -> CNNVD-200710-214
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- cvss_score: 未提取 -> 4.3
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:N/I:P/A:N
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']