Vulnerability Name:

CVE-2006-3974 (CCN-34776)

Assigned: 2006-08-02
Published: 2007-06-08
Updated: 2017-07-20
Summary: Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
CVSS v3 Severity: 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2006-3974

Source: OSVDB
Type: UNKNOWN
36888

Source: CCN
Type: SA21255
3Com OfficeConnect Secure Router Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
21255

Source: CCN
Type: Secunia Research 08/06/2007
3Com OfficeConnect Secure Router Cross-Site Scripting

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2006-60/advisory/

Source: CCN
Type: 3Com OfficeConnect Router Web site
Welcome to 3Com Corporation

Source: CCN
Type: OSVDB ID: 36888
3Com OfficeConnect Secure Router tk Parameter XSS

Source: BID
Type: Exploit
24374

Source: CCN
Type: BID-24374
3Com OfficeConnect Secure Router Tk Parameter Cross Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-2103

Source: XF
Type: UNKNOWN
3com-officeconnect-tk-xss(34776)

Vulnerable Configuration: Configuration 1:
  • cpe:/h:3com:3cr860-95:1.04:*:168_bit:*:*:*:*:*

  • * Denotes that component is vulnerable
    3com 3cr860-95 1.04