VAR-201401-0351
Vulnerability from variot - Updated: 2023-12-18 14:06Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. (2) goform/advanced/options Extended options via request to (advanced option) Is disabled. (3) goform/advanced/ip-filters of IpFilterAddressDelete1 Via parameters ip-filters Deleted. (4) goform/advanced/firewall of cbFirewall Firewall settings are removed via parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tc7200",
"scope": "eq",
"trust": 2.4,
"vendor": "technicolor",
"version": "std6.01.12"
},
{
"model": "tc7200",
"scope": "eq",
"trust": 1.0,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200",
"scope": null,
"trust": 0.6,
"vendor": "technicolor",
"version": null
},
{
"model": "tc7200 std6.01.12",
"scope": null,
"trust": 0.3,
"vendor": "technicolor",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:technicolor:tc7200_firmware:std6.01.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:technicolor:tc7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0621"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen",
"sources": [
{
"db": "BID",
"id": "64668"
},
{
"db": "PACKETSTORM",
"id": "124649"
}
],
"trust": 0.4
},
"cve": "CVE-2014-0621",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0621",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-00093",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0621",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00093",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-102",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68114",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. (2) goform/advanced/options Extended options via request to (advanced option) Is disabled. (3) goform/advanced/ip-filters of IpFilterAddressDelete1 Via parameters ip-filters Deleted. (4) goform/advanced/firewall of cbFirewall Firewall settings are removed via parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Technicolor TC7200 is prone to multiple cross-site request-forgery vulnerabilities. \nExploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. \nTechnicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "PACKETSTORM",
"id": "124649"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-68114",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68114"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0621",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "30667",
"trust": 2.3
},
{
"db": "BID",
"id": "64668",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00093",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "124649",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-84042",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68114",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"id": "VAR-201401-0351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
}
],
"trust": 1.3071428699999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
}
]
},
"last_update_date": "2023-12-18T14:06:13.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TC7200 - TC7300 Cable Gateway - Technicolor",
"trust": 0.8,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/30667"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0621"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0621"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/30667/"
},
{
"trust": 0.4,
"url": "http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/"
},
{
"trust": 0.3,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/system/factory"
},
{
"trust": 0.1,
"url": "http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0621"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/advanced/options"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/goform/advanced/firewall"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e//goform/advanced/ip-filters"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"db": "VULHUB",
"id": "VHN-68114"
},
{
"db": "BID",
"id": "64668"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"db": "PACKETSTORM",
"id": "124649"
},
{
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"date": "2014-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-68114"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64668"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"date": "2014-01-02T15:02:22",
"db": "PACKETSTORM",
"id": "124649"
},
{
"date": "2014-01-08T15:30:02.730000",
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00093"
},
{
"date": "2014-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-68114"
},
{
"date": "2014-01-02T00:00:00",
"db": "BID",
"id": "64668"
},
{
"date": "2014-01-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001006"
},
{
"date": "2014-05-05T15:23:52.383000",
"db": "NVD",
"id": "CVE-2014-0621"
},
{
"date": "2014-01-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Technicolor TC7200 Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-102"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…