Vulnerabilities > Technicolor

DATE CVE VULNERABILITY TITLE RISK
2018-08-25 CVE-2018-15852 Resource Exhaustion vulnerability in Technicolor Tc7200.20 Firmware
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof.
low complexity
technicolor CWE-400
6.5
2017-09-04 CVE-2017-14127 OS Command Injection vulnerability in Technicolor Td5336 Firmware 7.0
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
network
low complexity
technicolor CWE-78
critical
10.0
2017-08-03 CVE-2017-11320 Cross-site Scripting vulnerability in Technicolor Tc7337 Firmware 08.89.17.20.00
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
4.3
2017-04-27 CVE-2017-5135 SNMP Authentication Bypass vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases.
network
low complexity
technicolor
6.4
2017-04-03 CVE-2014-1677 Information Exposure vulnerability in Technicolor Tc7200 Firmware Std6.01.12
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
network
low complexity
technicolor CWE-200
5.0
2016-12-17 CVE-2016-7454 Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
7.9
2014-12-05 CVE-2014-9144 Command Injection vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
network
low complexity
technicolor CWE-77
7.5
2014-12-05 CVE-2014-9143 Code vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
4.3
2014-12-05 CVE-2014-9142 Cross-Site Scripting vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
4.3
2014-01-08 CVE-2014-0621 Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Tc7200 and Tc7200 Firmware
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
6.8