Filtered by vendor Technicolor
Subscribe
Search
Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-25039 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25038 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25037 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25036 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25035 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-25034 | 1 Technicolor | 2 Thomson Tcw710, Thomson Tcw710 Firmware | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-20381 | 1 Technicolor | 2 Dpc2320, Dpc2320 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20393 | 1 Technicolor | 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2020-11449 | 1 Technicolor | 2 Tc7337, Tc7337 Firmware | 2020-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf. | |||||
| CVE-2020-10376 | 1 Technicolor | 2 Tc7337net, Tc7337net Firmware | 2020-03-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header. | |||||
| CVE-2019-18396 | 1 Technicolor | 2 Td5130v2, Td5130v2 Firmware | 2020-02-10 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127. | |||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | |||||
| CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2020-01-22 | 10.0 HIGH | 9.8 CRITICAL |
| The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | |||||
| CVE-2019-17523 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | |||||
| CVE-2019-17524 | 1 Technicolor | 2 Tc7300.b0, Tc7300.b0 Firmware | 2019-11-15 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this. | |||||
| CVE-2015-7276 | 1 Technicolor | 4 C2000t, C2000t Firmware, C2100t and 1 more | 2019-11-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Technicolor C2000T and C2100T uses hard-coded cryptographic keys. | |||||
| CVE-2018-20439 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2017-5135 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-10-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability. | |||||
| CVE-2018-15852 | 1 Technicolor | 2 Tc7200.20, Tc7200.20 Firmware | 2019-10-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | |||||
| CVE-2018-15907 | 1 Technicolor | 2 Tc8305c, Tc8305c Firmware | 2019-10-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | |||||
| CVE-2018-16310 | 1 Technicolor | 2 Tg588v, Tg588v Firmware | 2019-10-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions. | |||||
| CVE-2018-20394 | 1 Technicolor | 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20438 | 1 Technicolor | 2 Tc7110.ar, Tc7110.ar Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20440 | 1 Technicolor | 2 Cwa0101, Cwa0101 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20441 | 1 Technicolor | 2 Tc7200.th2v2, Tc7200.th2v2 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20442 | 1 Technicolor | 2 Tc7110.b, Tc7110.b Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | |||||
| CVE-2018-20443 | 1 Technicolor | 2 Tc7200.d1i, Tc7200.d1i Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-20444 | 1 Technicolor | 2 Cga0111, Cga0111 Firmware | 2019-10-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | |||||
| CVE-2018-8827 | 1 Technicolor | 2 Tg789vac, Tg789vac Firmware | 2019-01-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | |||||
| CVE-2018-20379 | 1 Technicolor | 2 Dpc3928sl, Dpc3928sl Firmware | 2019-01-14 | 2.6 LOW | 4.7 MEDIUM |
| Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | |||||
| CVE-2014-9144 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 7.5 HIGH | N/A |
| Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||||
| CVE-2014-9143 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | |||||
| CVE-2014-9142 | 1 Technicolor | 1 Td5130 Router Firmware | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | |||||
| CVE-2014-1677 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |||||
| CVE-2017-14127 | 1 Technicolor | 2 Td5336, Td5336 Firmware | 2017-09-08 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | |||||
| CVE-2017-11320 | 1 Technicolor | 2 Tc7337, Tc7337 Firmware | 2017-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | |||||
| CVE-2016-7454 | 1 Technicolor | 2 Xfinity Gateway Router Dpc3941t, Xfinity Gateway Router Dpc3941t Firmware | 2016-12-21 | 7.9 HIGH | 8.0 HIGH |
| CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | |||||
| CVE-2014-0620 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2015-07-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. | |||||
| CVE-2014-0621 | 1 Technicolor | 2 Tc7200, Tc7200 Firmware | 2014-05-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | |||||
| CVE-2011-4506 | 1 Technicolor | 2 Tg585 Router, Tg585 Router Firmware | 2012-03-08 | 7.5 HIGH | N/A |
| The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | |||||