Vulnerabilities > Technicolor

DATE CVE VULNERABILITY TITLE RISK
2020-01-09 CVE-2019-19494 Classic Buffer Overflow vulnerability in multiple products
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser.
9.3
2020-01-08 CVE-2019-19495 Improper Input Validation vulnerability in Technicolor Tc7230 Steb Firmware 0.1.25
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser.
network
low complexity
technicolor CWE-20
critical
10.0
2019-11-13 CVE-2019-17524 Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp.
3.5
2019-11-13 CVE-2019-17523 Cross-site Scripting vulnerability in Technicolor Tc7300.B0 Firmware Stfa.51.20
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.
3.5
2019-11-06 CVE-2015-7276 Use of Hard-coded Credentials vulnerability in Technicolor C2000T Firmware and C2100T Firmware
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
4.3
2019-10-31 CVE-2019-18396 OS Command Injection vulnerability in Technicolor Td5130V2 Firmware Oifwv20
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices.
network
low complexity
technicolor CWE-78
7.2
2019-01-03 CVE-2018-8827 Cross-site Scripting vulnerability in Technicolor Tg789Vac Firmware 16.3.7190276100520161004084353
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
4.3
2018-12-25 CVE-2018-20444 Insufficiently Protected Credentials vulnerability in Technicolor Cga0111 Firmware Cga0111Ees13E23Ec8000R57121702170829Tru
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
network
low complexity
technicolor CWE-522
5.0
2018-12-25 CVE-2018-20443 Insufficiently Protected Credentials vulnerability in Technicolor Tc7200.D1I Firmware Tc7200.D1Ien23Ec7000R5712170406Hat
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
network
low complexity
technicolor CWE-522
5.0
2018-12-25 CVE-2018-20442 Insufficiently Protected Credentials vulnerability in Technicolor Tc7110.B Firmware Stc8.62.02
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
network
low complexity
technicolor CWE-522
5.0