Vulnerabilities > Technicolor
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-25 | CVE-2018-15852 | Resource Exhaustion vulnerability in Technicolor Tc7200.20 Firmware Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. | 6.5 |
2017-09-04 | CVE-2017-14127 | OS Command Injection vulnerability in Technicolor Td5336 Firmware 7.0 Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | 10.0 |
2017-08-03 | CVE-2017-11320 | Cross-site Scripting vulnerability in Technicolor Tc7337 Firmware 08.89.17.20.00 Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | 4.3 |
2017-04-27 | CVE-2017-5135 | SNMP Authentication Bypass vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. | 6.4 |
2017-04-03 | CVE-2014-1677 | Information Exposure vulnerability in Technicolor Tc7200 Firmware Std6.01.12 Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | 5.0 |
2016-12-17 | CVE-2016-7454 | Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | 7.9 |
2014-12-05 | CVE-2014-9144 | Command Injection vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | 7.5 |
2014-12-05 | CVE-2014-9143 | Code vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | 4.3 |
2014-12-05 | CVE-2014-9142 | Cross-Site Scripting vulnerability in Technicolor Td5130 Router Firmware 2.05.C29Gv Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | 4.3 |
2014-01-08 | CVE-2014-0621 | Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Tc7200 and Tc7200 Firmware Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | 6.8 |