Technicolor
Products
31- 6 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 31 products →
Recent CVEs
39| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11502 | Cri | 0.67 | 9.8 | 0.07 | Jul 20, 2017 | Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321. | ||
| CVE-2017-14127 | Cri | 0.64 | 9.8 | 0.03 | Sep 4, 2017 | Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | ||
| CVE-2017-5135 | Cri | 0.64 | 9.1 | 0.17 | Apr 27, 2017 | Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the… | ||
| CVE-2016-7454 | Hig | 0.55 | 8.0 | 0.03 | Dec 17, 2016 | CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | ||
| CVE-2014-1677 | Hig | 0.53 | 7.5 | 0.18 | Apr 3, 2017 | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | ||
| CVE-2024-3780 | Hig | 0.51 | 7.8 | 0.00 | Apr 15, 2024 | A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords. | ||
| CVE-2017-9522 | Hig | 0.49 | 7.5 | 0.01 | Jul 31, 2017 | The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame. | ||
| CVE-2017-11320 | Med | 0.43 | 6.1 | 0.02 | Aug 3, 2017 | Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router. | ||
| CVE-2018-16310 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2018 | Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior… | ||
| CVE-2018-15907 | Med | 0.42 | 6.5 | 0.01 | Aug 29, 2018 | Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the… | ||
| CVE-2018-15852 | Med | 0.42 | 6.5 | 0.01 | Aug 25, 2018 | Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or… | ||
| CVE-2024-28091 | Med | 0.40 | 6.1 | 0.00 | Mar 28, 2024 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion). | ||
| CVE-2024-28090 | Med | 0.35 | 5.4 | 0.04 | Mar 28, 2024 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. | ||
| CVE-2019-18396 | 0.08 | — | 0.16 | Oct 31, 2019 | An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to… | |||
| CVE-2014-9144 | 0.04 | — | 0.09 | Dec 5, 2014 | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | |||
| CVE-2014-9143 | 0.03 | — | 0.04 | Dec 5, 2014 | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | |||
| CVE-2014-9142 | 0.03 | — | 0.03 | Dec 5, 2014 | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | |||
| CVE-2014-0621 | 0.03 | — | 0.01 | Jan 8, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable… | |||
| CVE-2014-0620 | 0.03 | — | 0.01 | Jan 8, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to… | |||
| CVE-2023-47352 | 0.00 | — | 0.00 | Jan 22, 2024 | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. |
- risk 0.67cvss 9.8epss 0.07
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
- risk 0.64cvss 9.8epss 0.03
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
- risk 0.64cvss 9.1epss 0.17
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the…
- risk 0.55cvss 8.0epss 0.03
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
- risk 0.53cvss 7.5epss 0.18
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
- risk 0.51cvss 7.8epss 0.00
A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.
- risk 0.49cvss 7.5epss 0.01
The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame.
- risk 0.43cvss 6.1epss 0.02
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
- risk 0.42cvss 6.5epss 0.01
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior…
- risk 0.42cvss 6.5epss 0.01
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the…
- risk 0.42cvss 6.5epss 0.01
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or…
- risk 0.40cvss 6.1epss 0.00
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion).
- risk 0.35cvss 5.4epss 0.04
Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.
- CVE-2019-18396Oct 31, 2019risk 0.08cvss —epss 0.16
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to…
- CVE-2014-9144Dec 5, 2014risk 0.04cvss —epss 0.09
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
- CVE-2014-9143Dec 5, 2014risk 0.03cvss —epss 0.04
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
- CVE-2014-9142Dec 5, 2014risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
- CVE-2014-0621Jan 8, 2014risk 0.03cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable…
- CVE-2014-0620Jan 8, 2014risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to…
- CVE-2023-47352Jan 22, 2024risk 0.00cvss —epss 0.00
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords.