Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Technicolor Subscribe
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-25034 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2023-02-23 3.5 LOW 5.4 MEDIUM
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695.
CVE-2018-25039 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2022-06-21 3.5 LOW 5.4 MEDIUM
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-25038 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2022-06-21 3.5 LOW 5.4 MEDIUM
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-25037 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2022-06-21 3.5 LOW 5.4 MEDIUM
A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-25036 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2022-06-21 3.5 LOW 5.4 MEDIUM
A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-25035 1 Technicolor 2 Thomson Tcw710, Thomson Tcw710 Firmware 2022-06-21 3.5 LOW 5.4 MEDIUM
A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2018-20381 1 Technicolor 2 Dpc2320, Dpc2320 Firmware 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20393 1 Technicolor 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more 2020-08-24 5.0 MEDIUM 9.8 CRITICAL
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2020-11449 1 Technicolor 2 Tc7337, Tc7337 Firmware 2020-04-02 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.
CVE-2020-10376 1 Technicolor 2 Tc7337net, Tc7337net Firmware 2020-03-17 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.
CVE-2019-18396 1 Technicolor 2 Td5130v2, Td5130v2 Firmware 2020-02-10 9.0 HIGH 7.2 HIGH
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
CVE-2019-19494 4 Compal, Netgear, Sagemcom and 1 more 14 7284e, 7284e Firmware, 7486e and 11 more 2020-01-28 9.3 HIGH 8.8 HIGH
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVE-2019-19495 1 Technicolor 2 Tc7230 Steb, Tc7230 Steb Firmware 2020-01-22 10.0 HIGH 9.8 CRITICAL
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.
CVE-2019-17523 1 Technicolor 2 Tc7300.b0, Tc7300.b0 Firmware 2019-11-15 3.5 LOW 5.4 MEDIUM
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.
CVE-2019-17524 1 Technicolor 2 Tc7300.b0, Tc7300.b0 Firmware 2019-11-15 3.5 LOW 5.4 MEDIUM
An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.
CVE-2015-7276 1 Technicolor 4 C2000t, C2000t Firmware, C2100t and 1 more 2019-11-08 4.3 MEDIUM 5.9 MEDIUM
Technicolor C2000T and C2100T uses hard-coded cryptographic keys.
CVE-2018-20439 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2017-5135 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2019-10-02 6.4 MEDIUM 9.1 CRITICAL
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
CVE-2018-15852 1 Technicolor 2 Tc7200.20, Tc7200.20 Firmware 2019-10-02 6.1 MEDIUM 6.5 MEDIUM
** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.
CVE-2018-15907 1 Technicolor 2 Tc8305c, Tc8305c Firmware 2019-10-02 6.1 MEDIUM 6.5 MEDIUM
** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.