VYPR

Vendor CVEs

Technicolor

All CVEs

39 total · sorted by risk
  • CVE-2017-11502CriJul 20, 2017
    risk 0.67cvss 9.8epss 0.07

    Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.

  • CVE-2017-14127CriSep 4, 2017
    risk 0.64cvss 9.8epss 0.03

    Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.

  • CVE-2017-5135CriApr 27, 2017
    risk 0.64cvss 9.1epss 0.17

    Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the…

  • CVE-2016-7454HigDec 17, 2016
    risk 0.55cvss 8.0epss 0.03

    CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.

  • CVE-2014-1677HigApr 3, 2017
    risk 0.53cvss 7.5epss 0.18

    Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.

  • CVE-2024-3780HigApr 15, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.

  • CVE-2017-9522HigJul 31, 2017
    risk 0.49cvss 7.5epss 0.01

    The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame.

  • CVE-2017-11320MedAug 3, 2017
    risk 0.43cvss 6.1epss 0.02

    Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.

  • CVE-2018-16310MedSep 6, 2018
    risk 0.42cvss 6.5epss 0.01

    Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior…

  • CVE-2018-15907MedAug 29, 2018
    risk 0.42cvss 6.5epss 0.01

    Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the…

  • CVE-2018-15852MedAug 25, 2018
    risk 0.42cvss 6.5epss 0.01

    Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or…

  • CVE-2024-28091MedMar 28, 2024
    risk 0.40cvss 6.1epss 0.00

    Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion).

  • CVE-2024-28090MedMar 28, 2024
    risk 0.35cvss 5.4epss 0.04

    Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp.

  • CVE-2019-18396Oct 31, 2019
    risk 0.08cvss epss 0.16

    An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to…

  • CVE-2014-9144Dec 5, 2014
    risk 0.04cvss epss 0.09

    Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).

  • CVE-2014-9143Dec 5, 2014
    risk 0.03cvss epss 0.04

    Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.

  • CVE-2014-9142Dec 5, 2014
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.

  • CVE-2014-0621Jan 8, 2014
    risk 0.03cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable…

  • CVE-2014-0620Jan 8, 2014
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to…

  • CVE-2023-47352Jan 22, 2024
    risk 0.00cvss epss 0.00

    Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords.

  • CVE-2023-31808Sep 19, 2023
    risk 0.00cvss epss 0.01

    Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.

  • CVE-2020-11449Apr 1, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered on Technicolor TC7337 8.89.17 devices. An attacker can discover admin credentials in the backup file, aka backupsettings.conf.

  • CVE-2020-10376Mar 11, 2020
    risk 0.00cvss epss 0.01

    Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header.

  • CVE-2019-19495Jan 8, 2020
    risk 0.00cvss epss 0.04

    The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET…

  • CVE-2019-17523Nov 13, 2019
    risk 0.00cvss epss 0.01

    An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the FileName parameter to /FTPDiag.asp.

  • CVE-2019-17524Nov 13, 2019
    risk 0.00cvss epss 0.01

    An XSS vulnerability on Technicolor TC7300 STFA.51.20 devices allows remote attackers to inject arbitrary web script via the "Connected Clients" field to /wlanAccess.asp. An intranet host can use a crafted hostname to exploit this.

  • CVE-2015-7276Nov 6, 2019
    risk 0.00cvss epss 0.01

    Technicolor C2000T and C2100T uses hard-coded cryptographic keys.

  • CVE-2018-8827Jan 3, 2019
    risk 0.00cvss epss 0.01

    The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer…

  • CVE-2018-20442Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20438Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20441Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.

  • CVE-2018-20439Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20440Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20443Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20444Dec 25, 2018
    risk 0.00cvss epss 0.01

    Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.

  • CVE-2018-20393Dec 23, 2018
    risk 0.00cvss epss 0.02

    Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT,…

  • CVE-2018-20381Dec 23, 2018
    risk 0.00cvss epss 0.02

    Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2018-20379Dec 23, 2018
    risk 0.00cvss epss 0.01

    Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.

  • CVE-2011-4506Nov 22, 2011
    risk 0.00cvss epss 0.01

    The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding"…