Vulnerabilities > Technicolor
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-09 | CVE-2019-19494 | Classic Buffer Overflow vulnerability in multiple products Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. | 9.3 |
2020-01-08 | CVE-2019-19495 | Improper Input Validation vulnerability in Technicolor Tc7230 Steb Firmware 0.1.25 The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. | 10.0 |
2019-11-13 | CVE-2019-17524 | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. | 3.5 |
2019-11-13 | CVE-2019-17523 | Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20 An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp. | 3.5 |
2019-11-06 | CVE-2015-7276 | Use of Hard-coded Credentials vulnerability in Technicolor C2000T Firmware and C2100T Firmware Technicolor C2000T and C2100T uses hard-coded cryptographic keys. | 4.3 |
2019-10-31 | CVE-2019-18396 | OS Command Injection vulnerability in Technicolor Td5130V2 Firmware Oifwv20 An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. | 7.2 |
2019-01-03 | CVE-2018-8827 | Cross-site Scripting vulnerability in Technicolor Tg789Vac Firmware 16.3.7190276100520161004084353 The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | 4.3 |
2018-12-25 | CVE-2018-20444 | Insufficiently Protected Credentials vulnerability in Technicolor Cga0111 Firmware Cga0111Ees13E23Ec8000R57121702170829Tru Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 5.0 |
2018-12-25 | CVE-2018-20443 | Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.D1I Firmware Tc7200.D1Ien23Ec7000R5712170406Hat Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests. | 5.0 |
2018-12-25 | CVE-2018-20442 | Insufficiently Protected Credentials vulnerability in Technicolor Tc7110.B Firmware Stc8.62.02 Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests. | 5.0 |