Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities found for tc7200 by technicolor
VAR-201401-0351
Vulnerability from variot - Updated: 2023-12-18 14:06Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. (2) goform/advanced/options Extended options via request to (advanced option) Is disabled. (3) goform/advanced/ip-filters of IpFilterAddressDelete1 Via parameters ip-filters Deleted. (4) goform/advanced/firewall of cbFirewall Firewall settings are removed via parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tc7200",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "std6.01.12"
},
{
"model": "tc7200",
"scope": "eq",
"trust": 1.0,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200",
"scope": null,
"trust": 0.6,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200 std6.01.12",
"scope": null,
"trust": 0.3,
"vendor": "technicolor",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen",
"sources": [
{
"db": "BID",
"id": "64668"
},
{
"db": "PACKETSTORM",
"id": "124649"
}
],
"trust": 0.4
},
"cve": "CVE-2014-0621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0621",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-00093",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0621",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00093",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68114",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. (2) goform/advanced/options Extended options via request to (advanced option) Is disabled. (3) goform/advanced/ip-filters of IpFilterAddressDelete1 Via parameters ip-filters Deleted. (4) goform/advanced/firewall of cbFirewall Firewall settings are removed via parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. \nExploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. \nTechnicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "PACKETSTORM",
"id": "124649"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-68114",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68114"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0621",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "30667",
"trust": 2.3
},
{
"db": "BID",
"id": "64668",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00093",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124649",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-84042",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68114",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"id": "VAR-201401-0351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
}
],
"trust": 1.3071428699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
}
]
},
"last_update_date": "2023-12-18T14:06:13.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TC7200 - TC7300 Cable Gateway - Technicolor",
"trust": 0.8,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30667"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0621"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0621"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/30667/"
},
{
"trust": 0.4,
"url": "http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/"
},
{
"trust": 0.3,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/system/factory"
},
{
"trust": 0.1,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0621"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/advanced/options"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/advanced/firewall"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e//goform/advanced/ip-filters"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"date": "2014-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68114"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64668"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"date": "2014-01-02T15:02:22",
"db": "PACKETSTORM",
"id": "124649"
},
{
"date": "2014-01-08T15:30:02.730000",
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-68114"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64668"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"date": "2014-05-05T15:23:52.383000",
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Technicolor TC7200 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
],
"trust": 0.6
}
}
VAR-201704-0432
Vulnerability from variot - Updated: 2023-12-18 13:24Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to an information-disclosure vulnerability. This may aid in further attacks. Technicolor TC7200 STD6.01.12 is vulnerable; other versions may also be affected. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0432",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tc7200",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "std6.01.12"
},
{
"model": "tc7200 std6.01.12",
"scope": null,
"trust": 0.6,
"vendor": "technicolor",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1677"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen - IT Nerdbox",
"sources": [
{
"db": "BID",
"id": "65774"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
],
"trust": 0.9
},
"cve": "CVE-2014-1677",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-1677",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-01306",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-69616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2014-1677",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1677",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-01306",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-481",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "VULHUB",
"id": "VHN-69616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to an information-disclosure vulnerability. This may aid in further attacks. \nTechnicolor TC7200 STD6.01.12 is vulnerable; other versions may also be affected. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "BID",
"id": "65774"
},
{
"db": "VULHUB",
"id": "VHN-69616"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69616",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69616"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1677",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "125388",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "31894",
"trust": 2.3
},
{
"db": "BID",
"id": "65774",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-01306",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "26123",
"trust": 0.6
},
{
"db": "XF",
"id": "91578",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-85208",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-61581",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69616",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "VULHUB",
"id": "VHN-69616"
},
{
"db": "BID",
"id": "65774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"id": "VAR-201704-0432",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "VULHUB",
"id": "VHN-69616"
}
],
"trust": 1.3071428699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
}
]
},
"last_update_date": "2023-12-18T13:24:29.588000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cable Modem - Cable Gateway - Technicolor",
"trust": 0.8,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-gateways"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://packetstormsecurity.com/files/125388"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/31894"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2016/jul/67"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/538955/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91578"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1677"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1677"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/31894/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/65774"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/538955/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/91578"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/26123"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "VULHUB",
"id": "VHN-69616"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"db": "VULHUB",
"id": "VHN-69616"
},
{
"db": "BID",
"id": "65774"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"date": "2017-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-69616"
},
{
"date": "2014-02-25T00:00:00",
"db": "BID",
"id": "65774"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"date": "2017-04-03T15:59:00.207000",
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-01306"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-69616"
},
{
"date": "2014-02-25T00:00:00",
"db": "BID",
"id": "65774"
},
{
"date": "2017-05-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008291"
},
{
"date": "2018-10-09T19:42:58.953000",
"db": "NVD",
"id": "CVE-2014-1677"
},
{
"date": "2017-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Technicolor TC7200 Vulnerability in which important information is obtained in the firmware of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008291"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-481"
}
],
"trust": 0.6
}
}
VAR-201401-0350
Vulnerability from variot - Updated: 2023-12-18 12:30Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. (1) parental/website-filters.asp of ADDNewDomain Parameters (2) goform/status/diagnostics-route of VmTracerouteHost Parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group. The vulnerability comes from the parental/website-filters.asp script not correctly filtering the 'ADDNewDomain' parameter and the goform/status/diagnostics-route script not correctly filtering the 'VmTracerouteHost' parameter. # Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities
Google Dork: N/A
Date: 02-01-2013
Exploit Author: Jeroen - IT Nerdbox
Vendor Homepage:
http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew ays/cable-modems-gateways/tc7200-tc7300
Software Link: N/A
Version: STD6.01.12
Tested on: N/A
CVE : CVE-2014-0620
Proof of Concept:
Persistent Cross Site Scripting:
POST : http:///parental/website-filters.asp
Parameters:
WebFilteringTable 0
WebFilteringChangePolicies 0
WebFiltersADDKeywords
WebFilteringdomainMode 0
ADDNewDomain alert('IT Nerdbox');
WebFiltersKeywordButton 0
WebFiltersDomainButton 1
WebPolicyName
WebFiltersRemove 0
WebFiltersADD 0
WebFiltersReset 0
Reflected Cross Site Scripting
POST : http:////goform/status/diagnostics-route
Parameters:
VmTracerouteHost ">alert('IT Nerdbox');
VmMaxTTL 30
VmTrIsInProgress 0
VmTrUtilityCommand 1
Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0350",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tc7200",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "std6.01.12"
},
{
"model": "tc7200",
"scope": "eq",
"trust": 1.0,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200",
"scope": null,
"trust": 0.6,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200 std6.01.12",
"scope": null,
"trust": 0.3,
"vendor": "technicolor",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "BID",
"id": "64672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0620"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen",
"sources": [
{
"db": "BID",
"id": "64672"
},
{
"db": "PACKETSTORM",
"id": "124648"
}
],
"trust": 0.4
},
"cve": "CVE-2014-0620",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-0620",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00092",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-68113",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0620",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-101",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68113",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. (1) parental/website-filters.asp of ADDNewDomain Parameters (2) goform/status/diagnostics-route of VmTracerouteHost Parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nTechnicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group. The vulnerability comes from the parental/website-filters.asp script not correctly filtering the \u0027ADDNewDomain\u0027 parameter and the goform/status/diagnostics-route script not correctly filtering the \u0027VmTracerouteHost\u0027 parameter. # Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities\n# Google Dork: N/A\n# Date: 02-01-2013\n# Exploit Author: Jeroen - IT Nerdbox\n# Vendor Homepage:\nhttp://www.technicolor.com/en/solutions-services/connected-home/modems-gatew\nays/cable-modems-gateways/tc7200-tc7300\n# Software Link: N/A\n# Version: STD6.01.12\n# Tested on: N/A\n# CVE : CVE-2014-0620\n#\n# Proof of Concept:\n#\n#\n## Persistent Cross Site Scripting:\n# \n# POST : http://\u003cip\u003e/parental/website-filters.asp\n# Parameters:\n# \n# WebFilteringTable 0\n# WebFilteringChangePolicies 0\n# WebFiltersADDKeywords \n# WebFilteringdomainMode 0\n# ADDNewDomain \u003cscript\u003ealert(\u0027IT Nerdbox\u0027);\u003c/script\u003e\n# WebFiltersKeywordButton 0\n# WebFiltersDomainButton 1\n# WebPolicyName \n# WebFiltersRemove 0\n# WebFiltersADD 0\n# WebFiltersReset 0\n#\n#\n## Reflected Cross Site Scripting\n#\n# POST : http://\u003cip\u003e//goform/status/diagnostics-route\n# Parameters:\n#\n# VmTracerouteHost \"\u003e\u003cscript\u003ealert(\u0027IT Nerdbox\u0027);\u003c/script\u003e\n# VmMaxTTL 30\n# VmTrIsInProgress 0\n# VmTrUtilityCommand 1\n#\n# Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "BID",
"id": "64672"
},
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "PACKETSTORM",
"id": "124648"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-68113",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68113"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0620",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "30668",
"trust": 2.3
},
{
"db": "BID",
"id": "64672",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00092",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124648",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-84043",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68113",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "BID",
"id": "64672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "PACKETSTORM",
"id": "124648"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"id": "VAR-201401-0350",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "VULHUB",
"id": "VHN-68113"
}
],
"trust": 1.3071428699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
}
]
},
"last_update_date": "2023-12-18T12:30:48.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TC7200 - TC7300 Cable Gateway - Technicolor",
"trust": 0.8,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/64672"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0620"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0620"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/30668/"
},
{
"trust": 0.4,
"url": "http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/"
},
{
"trust": 0.3,
"url": "http://www.technicolorbroadbandpartner.com/"
},
{
"trust": 0.1,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0620"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e//goform/status/diagnostics-route"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/parental/website-filters.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "BID",
"id": "64672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "PACKETSTORM",
"id": "124648"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"db": "VULHUB",
"id": "VHN-68113"
},
{
"db": "BID",
"id": "64672"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"db": "PACKETSTORM",
"id": "124648"
},
{
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"date": "2014-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68113"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64672"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"date": "2014-01-02T14:04:44",
"db": "PACKETSTORM",
"id": "124648"
},
{
"date": "2014-01-08T15:30:02.683000",
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00092"
},
{
"date": "2015-07-24T00:00:00",
"db": "VULHUB",
"id": "VHN-68113"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64672"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001005"
},
{
"date": "2015-07-24T18:38:39.217000",
"db": "NVD",
"id": "CVE-2014-0620"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Technicolor TC7200 Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001005"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "124648"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-101"
}
],
"trust": 0.7
}
}
CVE-2014-0621 (GCVE-0-2014-0621)
Vulnerability from nvd – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/30667 | exploitx_refsource_EXPLOIT-DB |
Date Public
2014-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30667",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0621",
"datePublished": "2014-01-08T15:00:00.000Z",
"dateReserved": "2014-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:19.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0620 (GCVE-0-2014-0620)
Vulnerability from nvd – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/30668 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/64672 | vdb-entryx_refsource_BID |
Date Public
2014-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30668",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0620",
"datePublished": "2014-01-08T15:00:00.000Z",
"dateReserved": "2014-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:19.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0620 (GCVE-0-2014-0620)
Vulnerability from cvelistv5 – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/30668 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/64672 | vdb-entryx_refsource_BID |
Date Public
2014-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.726Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T14:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30668",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30668"
},
{
"name": "64672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0620",
"datePublished": "2014-01-08T15:00:00.000Z",
"dateReserved": "2014-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:19.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0621 (GCVE-0-2014-0621)
Vulnerability from cvelistv5 – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.exploit-db.com/exploits/30667 | exploitx_refsource_EXPLOIT-DB |
Date Public
2014-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-08T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30667",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-0621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30667",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-0621",
"datePublished": "2014-01-08T15:00:00.000Z",
"dateReserved": "2014-01-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:20:19.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}