Vendor
Technicolor
Products
8
CVEs
10
Across products
13
Status
Private
Products
8- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
10| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14127 | Cri | 0.65 | 9.8 | 0.14 | Sep 4, 2017 | Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi. | |
| CVE-2017-5135 | Cri | 0.64 | 9.1 | 0.22 | Apr 27, 2017 | Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability. | |
| CVE-2016-7454 | Hig | 0.55 | 8.0 | 0.01 | Dec 17, 2016 | CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | |
| CVE-2014-1677 | Hig | 0.54 | 7.5 | 0.28 | Apr 3, 2017 | Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information. | |
| CVE-2014-9144 | 0.04 | — | 0.09 | Dec 5, 2014 | Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter). | ||
| CVE-2014-9143 | 0.03 | — | 0.04 | Dec 5, 2014 | Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter. | ||
| CVE-2014-9142 | 0.03 | — | 0.03 | Dec 5, 2014 | Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter. | ||
| CVE-2014-0621 | 0.03 | — | 0.00 | Jan 8, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. | ||
| CVE-2014-0620 | 0.03 | — | 0.01 | Jan 8, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. | ||
| CVE-2011-4506 | 0.00 | — | 0.01 | Nov 22, 2011 | The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. |