
9 vulnerabilities found for tc7200 by technicolor

VAR-201401-0351

Vulnerability from variot - Updated: 2023-12-18 14:06

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. In other words: (2) a request to goform/advanced/options disables the advanced options; (3) the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters deletes ip-filters; and (4) the cbFirewall parameter to goform/advanced/firewall removes the firewall settings. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Because these are CSRF issues, exploitation depends on an administrator whose browser is authenticated to the device loading attacker-supplied content; the NVD CVSS v2 record below marks user interaction as required. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson) TC7200 is a modem and router product of the French Technicolor Group.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0351",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tc7200",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "technicolor",
        "version": "std6.01.12"
      },
      {
        "model": "tc7200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "technicolor",
        "version": null
      },
      {
        "model": "tc7200",
        "scope": null,
        "trust": 0.6,
        "vendor": "technicolor",
        "version": null
      },
      {
        "model": "tc7200 std6.01.12",
        "scope": null,
        "trust": 0.3,
        "vendor": "technicolor",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeroen",
    "sources": [
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "PACKETSTORM",
        "id": "124649"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-0621",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-0621",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2014-00093",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-68114",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0621",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00093",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-102",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68114",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. (2) goform/advanced/options Extended options via request to (advanced option) Is disabled. (3) goform/advanced/ip-filters of IpFilterAddressDelete1 Via parameters ip-filters Deleted. (4) goform/advanced/firewall of cbFirewall Firewall settings are removed via parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. \nExploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. \nTechnicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "PACKETSTORM",
        "id": "124649"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-68114",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0621",
        "trust": 3.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30667",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "64668",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "124649",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84042",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "PACKETSTORM",
        "id": "124649"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "id": "VAR-201401-0351",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      }
    ],
    "trust": 1.3071428699999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:06:13.594000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TC7200 - TC7300 Cable Gateway - Technicolor",
        "trust": 0.8,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/30667"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0621"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0621"
      },
      {
        "trust": 0.6,
        "url": "http://www.exploit-db.com/exploits/30667/"
      },
      {
        "trust": 0.4,
        "url": "http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/"
      },
      {
        "trust": 0.3,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/goform/system/factory"
      },
      {
        "trust": 0.1,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0621"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/goform/advanced/options"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/goform/advanced/firewall"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e//goform/advanced/ip-filters"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "PACKETSTORM",
        "id": "124649"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "db": "BID",
        "id": "64668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "db": "PACKETSTORM",
        "id": "124649"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "date": "2014-01-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "BID",
        "id": "64668"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "date": "2014-01-02T15:02:22",
        "db": "PACKETSTORM",
        "id": "124649"
      },
      {
        "date": "2014-01-08T15:30:02.730000",
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00093"
      },
      {
        "date": "2014-05-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68114"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "BID",
        "id": "64668"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      },
      {
        "date": "2014-05-05T15:23:52.383000",
        "db": "NVD",
        "id": "CVE-2014-0621"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Technicolor TC7200 Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001006"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-102"
      }
    ],
    "trust": 0.6
  }
}

VAR-201704-0432

Vulnerability from variot - Updated: 2023-12-18 13:24

Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to an information-disclosure vulnerability. Information obtained this way may aid in further attacks. Technicolor TC7200 STD6.01.12 is vulnerable; other versions may also be affected. Technicolor (formerly known as Thomson) TC7200 is a modem and router product of the French Technicolor Group.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0432",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tc7200",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "technicolor",
        "version": "std6.01.12"
      },
      {
        "model": "tc7200 std6.01.12",
        "scope": null,
        "trust": 0.6,
        "vendor": "technicolor",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeroen - IT Nerdbox",
    "sources": [
      {
        "db": "BID",
        "id": "65774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-1677",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-1677",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-01306",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-69616",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2014-1677",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-1677",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01306",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-481",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69616",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to an information-disclosure vulnerability. This may aid in further attacks. \nTechnicolor TC7200 STD6.01.12 is vulnerable; other versions may also be affected. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "BID",
        "id": "65774"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-69616",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1677",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "125388",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31894",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "65774",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "26123",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "91578",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85208",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-61581",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "db": "BID",
        "id": "65774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "id": "VAR-201704-0432",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      }
    ],
    "trust": 1.3071428699999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:24:29.588000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cable Modem - Cable Gateway - Technicolor",
        "trust": 0.8,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/broadband-devices/cable-modems-gateways"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://packetstormsecurity.com/files/125388"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/31894"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2016/jul/67"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/538955/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91578"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1677"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1677"
      },
      {
        "trust": 0.6,
        "url": "http://www.exploit-db.com/exploits/31894/"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/65774"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/538955/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/91578"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/26123"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "db": "BID",
        "id": "65774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "date": "2017-04-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "BID",
        "id": "65774"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "date": "2017-04-03T15:59:00.207000",
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01306"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69616"
      },
      {
        "date": "2014-02-25T00:00:00",
        "db": "BID",
        "id": "65774"
      },
      {
        "date": "2017-05-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      },
      {
        "date": "2018-10-09T19:42:58.953000",
        "db": "NVD",
        "id": "CVE-2014-1677"
      },
      {
        "date": "2017-04-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Technicolor TC7200 Vulnerability in which important information is obtained in the firmware of",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008291"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-481"
      }
    ],
    "trust": 0.6
  }
}

VAR-201401-0350

Vulnerability from variot - Updated: 2023-12-18 12:30

Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via (1) the ADDNewDomain parameter to parental/website-filters.asp or (2) the VmTracerouteHost parameter to goform/status/diagnostics-route. The Technicolor TC7200 is a next-generation wireless home gateway device. A successful exploit lets attacker-supplied HTML and script code run in the user's browser in the context of the affected device's web interface, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. The Technicolor (formerly known as Thomson) TC7200 is a modem and router product of the French Technicolor Group. The vulnerability comes from the parental/website-filters.asp script not correctly filtering the 'ADDNewDomain' parameter and the goform/status/diagnostics-route script not correctly filtering the 'VmTracerouteHost' parameter; per the proof of concept below, the first is a persistent (stored) XSS and the second a reflected XSS.

Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities

Google Dork: N/A

Date: 02-01-2013

Exploit Author: Jeroen - IT Nerdbox

Vendor Homepage:

http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300

Software Link: N/A

Version: STD6.01.12

Tested on: N/A

CVE : CVE-2014-0620

Proof of Concept:

Persistent Cross Site Scripting:

POST : http://<ip>/parental/website-filters.asp

Parameters:

WebFilteringTable 0

WebFilteringChangePolicies 0

WebFiltersADDKeywords

WebFilteringdomainMode 0

ADDNewDomain <script>alert('IT Nerdbox');</script>

WebFiltersKeywordButton 0

WebFiltersDomainButton 1

WebPolicyName

WebFiltersRemove 0

WebFiltersADD 0

WebFiltersReset 0

Reflected Cross Site Scripting

POST : http://<ip>//goform/status/diagnostics-route

Parameters:

VmTracerouteHost "><script>alert('IT Nerdbox');</script>

VmMaxTTL 30

VmTrIsInProgress 0

VmTrUtilityCommand 1

Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0350",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tc7200",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "technicolor",
        "version": "std6.01.12"
      },
      {
        "model": "tc7200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "technicolor",
        "version": null
      },
      {
        "model": "tc7200",
        "scope": null,
        "trust": 0.6,
        "vendor": "technicolor",
        "version": null
      },
      {
        "model": "tc7200 std6.01.12",
        "scope": null,
        "trust": 0.3,
        "vendor": "technicolor",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeroen",
    "sources": [
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "PACKETSTORM",
        "id": "124648"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-0620",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-0620",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-00092",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-68113",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0620",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00092",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-101",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68113",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. (1) parental/website-filters.asp of ADDNewDomain Parameters (2) goform/status/diagnostics-route of VmTracerouteHost Parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nTechnicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group. The vulnerability comes from the parental/website-filters.asp script not correctly filtering the \u0027ADDNewDomain\u0027 parameter and the goform/status/diagnostics-route script not correctly filtering the \u0027VmTracerouteHost\u0027 parameter. 
# Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities\n# Google Dork: N/A\n# Date: 02-01-2013\n# Exploit Author: Jeroen - IT Nerdbox\n# Vendor Homepage:\nhttp://www.technicolor.com/en/solutions-services/connected-home/modems-gatew\nays/cable-modems-gateways/tc7200-tc7300\n# Software Link: N/A\n# Version: STD6.01.12\n# Tested on: N/A\n# CVE : CVE-2014-0620\n#\n# Proof of Concept:\n#\n#\n## Persistent Cross Site Scripting:\n# \n# POST      : http://\u003cip\u003e/parental/website-filters.asp\n# Parameters:\n# \n# WebFilteringTable          0\n# WebFilteringChangePolicies 0\n# WebFiltersADDKeywords   \n# WebFilteringdomainMode     0\n# ADDNewDomain               \u003cscript\u003ealert(\u0027IT Nerdbox\u0027);\u003c/script\u003e\n# WebFiltersKeywordButton    0\n# WebFiltersDomainButton     1\n# WebPolicyName   \n# WebFiltersRemove           0\n# WebFiltersADD              0\n# WebFiltersReset            0\n#\n#\n## Reflected Cross Site Scripting\n#\n# POST      : http://\u003cip\u003e//goform/status/diagnostics-route\n# Parameters:\n#\n# VmTracerouteHost    \"\u003e\u003cscript\u003ealert(\u0027IT  Nerdbox\u0027);\u003c/script\u003e\n# VmMaxTTL            30\n# VmTrIsInProgress    0\n# VmTrUtilityCommand  1\n#\n# Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "PACKETSTORM",
        "id": "124648"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-68113",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0620",
        "trust": 3.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30668",
        "trust": 2.3
      },
      {
        "db": "BID",
        "id": "64672",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "124648",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-84043",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "PACKETSTORM",
        "id": "124648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "id": "VAR-201401-0350",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      }
    ],
    "trust": 1.3071428699999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:30:48.399000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "TC7200 - TC7300 Cable Gateway - Technicolor",
        "trust": 0.8,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/30668"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/64672"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0620"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0620"
      },
      {
        "trust": 0.6,
        "url": "http://www.exploit-db.com/exploits/30668/"
      },
      {
        "trust": 0.4,
        "url": "http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/"
      },
      {
        "trust": 0.3,
        "url": "http://www.technicolorbroadbandpartner.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0620"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e//goform/status/diagnostics-route"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e/parental/website-filters.asp"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "PACKETSTORM",
        "id": "124648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "db": "BID",
        "id": "64672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "db": "PACKETSTORM",
        "id": "124648"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "date": "2014-01-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "BID",
        "id": "64672"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "date": "2014-01-02T14:04:44",
        "db": "PACKETSTORM",
        "id": "124648"
      },
      {
        "date": "2014-01-08T15:30:02.683000",
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00092"
      },
      {
        "date": "2015-07-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68113"
      },
      {
        "date": "2014-01-02T00:00:00",
        "db": "BID",
        "id": "64672"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      },
      {
        "date": "2015-07-24T18:38:39.217000",
        "db": "NVD",
        "id": "CVE-2014-0620"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Technicolor TC7200 Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001005"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124648"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-101"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2014-0621

Vulnerability from fkie_nvd - Published: 2014-01-08 15:30 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Impacted products
Vendor Product Version
technicolor tc7200_firmware std6.01.12
technicolor tc7200 -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0120BB22-AEA0-4099-A87E-2EBC5BA21F75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38300025-BFC0-46B5-B7B0-FC4E98DDFE7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades cross-site requets forgery (CSRF) en Techicolor TC7200 STD 6.01.12 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones que (1) realizan un reset de f\u00e1brica a trav\u00e9s de una petici\u00f3n a goform/system/factory, (2) deshabilitar opciones avanzadas a trav\u00e9s de una peitici\u00f3n a goform/advanced/options, (3) eliminar ip-filters a trav\u00e9s del par\u00e1metro IpFilterAddressDelete1 a goform/advanced/ip-filters o (4) eliminar ajustes de firewall a trav\u00e9s del par\u00e1metro cbFirewall a goform/advanced/firewall."
    }
  ],
  "id": "CVE-2014-0621",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-08T15:30:02.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30667"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0620

Vulnerability from fkie_nvd - Published: 2014-01-08 15:30 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Impacted products
Vendor Product Version
technicolor tc7200_firmware std6.01.12
technicolor tc7200 -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0120BB22-AEA0-4099-A87E-2EBC5BA21F75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38300025-BFC0-46B5-B7B0-FC4E98DDFE7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en Techicolor TC7200 STD 6.01.12 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a trav\u00e9s (1) del par\u00e1metro ADDNewDomain en parental/website-filters.asp o (2) el parametro VmTracerouteHost a goform/status/diagnostics-route."
    }
  ],
  "id": "CVE-2014-0620",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-08T15:30:02.683",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30668"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/64672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/64672"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-0620 (GCVE-0-2014-0620)

Vulnerability from cvelistv5 – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.exploit-db.com/exploits/30668 (tags: exploit, x_refsource_EXPLOIT-DB)
http://www.securityfocus.com/bid/64672 (tags: vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:19.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30668",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30668"
          },
          {
            "name": "64672",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64672"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-02T14:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30668",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30668"
        },
        {
          "name": "64672",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64672"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30668",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30668"
            },
            {
              "name": "64672",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64672"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0620",
    "datePublished": "2014-01-08T15:00:00",
    "dateReserved": "2014-01-01T00:00:00",
    "dateUpdated": "2024-08-06T09:20:19.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0621 (GCVE-0-2014-0621)

Vulnerability from cvelistv5 – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.exploit-db.com/exploits/30667 (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:19.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30667",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-08T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30667",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30667",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0621",
    "datePublished": "2014-01-08T15:00:00",
    "dateReserved": "2014-01-01T00:00:00",
    "dateUpdated": "2024-08-06T09:20:19.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0620 (GCVE-0-2014-0620)

Vulnerability from nvd – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.exploit-db.com/exploits/30668 (tags: exploit, x_refsource_EXPLOIT-DB)
http://www.securityfocus.com/bid/64672 (tags: vdb-entry, x_refsource_BID)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:19.726Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30668",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30668"
          },
          {
            "name": "64672",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64672"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-06-02T14:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30668",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30668"
        },
        {
          "name": "64672",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64672"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0620",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30668",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30668"
            },
            {
              "name": "64672",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64672"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0620",
    "datePublished": "2014-01-08T15:00:00",
    "dateReserved": "2014-01-01T00:00:00",
    "dateUpdated": "2024-08-06T09:20:19.726Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0621 (GCVE-0-2014-0621)

Vulnerability from nvd – Published: 2014-01-08 15:00 – Updated: 2024-08-06 09:20
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Severity
No CVSS data available.
CWE
  • n/a
Assigner: mitre
References
http://www.exploit-db.com/exploits/30667 (tags: exploit, x_refsource_EXPLOIT-DB)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:19.880Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30667",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30667"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-08T12:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30667",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30667"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0621",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30667",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30667"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0621",
    "datePublished": "2014-01-08T15:00:00",
    "dateReserved": "2014-01-01T00:00:00",
    "dateUpdated": "2024-08-06T09:20:19.880Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}