PT-2005-1549 · Thomson · Thomson Tcw690

Murdok · Published 2005-02-21 · Updated 2017-07-11 · CVE-2005-0494

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Thomson TCW690 cable modem firmware 2.1 and software ST42.03.0a

Description: The RgSecurity form in the HTTP server fails to properly validate the password before making changes. This allows remote attackers on the LAN to gain access via a direct POST request to the / endpoint, although the specific endpoint is not mentioned.

Recommendations: For firmware 2.1 and software ST42.03.0a, consider restricting access to the RgSecurity form in the HTTP server until a patch is available. As a temporary workaround, limit LAN access to the HTTP server to minimize the risk of exploitation.


Related identifiers

CVE-2005-0494

Affected products

Thomson Tcw690