Vulnerabilities > Technicolor

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-11449 Insufficiently Protected Credentials vulnerability in Technicolor Tc7337 Firmware 8.89.17
An issue was discovered on Technicolor TC7337 8.89.17 devices.
network
low complexity
technicolor CWE-522
5.0
2020-03-11 CVE-2020-10376 Cleartext Transmission of Sensitive Information vulnerability in Technicolor Tc7337Net Firmware 08.89.17.23.03
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
network
low complexity
technicolor CWE-319
5.0
2020-01-09 CVE-2019-19494 Classic Buffer Overflow vulnerability in multiple products
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser.
9.3
2020-01-08 CVE-2019-19495 Improper Input Validation vulnerability in Technicolor Tc7230 Steb Firmware 0.1.25
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser.
network
low complexity
technicolor CWE-20
critical
10.0
2019-11-13 CVE-2019-17524 Cross-Site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp.
3.5
2019-11-13 CVE-2019-17523 Cross-Site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.
3.5
2019-11-06 CVE-2015-7276 USE of Hard-Coded Credentials vulnerability in Technicolor C2000T Firmware and C2100T Firmware
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
4.3
2019-10-31 CVE-2019-18396 OS Command Injection vulnerability in Technicolor Td5130V2 Firmware Oifwv20
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices.
network
low complexity
technicolor CWE-78
critical
9.0
2019-01-03 CVE-2018-8827 Cross-Site Scripting vulnerability in Technicolor Tg789Vac Firmware 16.3.7190276100520161004084353
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
4.3
2018-12-25 CVE-2018-20444 Insufficiently Protected Credentials vulnerability in Technicolor Cga0111 Firmware Cga0111Ees13E23Ec8000R57121702170829Tru
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
network
low complexity
technicolor CWE-522
5.0