VYPR

Vendor CVEs

Thomson

All CVEs

22 total · sorted by risk
  • CVE-2007-4553Aug 28, 2007
    risk 0.04cvss epss 0.08

    The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

  • CVE-2014-4716Jul 3, 2014
    risk 0.03cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.

  • CVE-2007-6003Nov 15, 2007
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained…

  • CVE-2006-0947Mar 1, 2006
    risk 0.03cvss epss 0.03

    Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the…

  • CVE-2006-0946Mar 1, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.

  • CVE-2005-0494Feb 21, 2005
    risk 0.03cvss epss 0.03

    The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.

  • CVE-2004-0641Aug 5, 2004
    risk 0.03cvss epss 0.03

    Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

  • CVE-2003-1085Dec 31, 2003
    risk 0.03cvss epss 0.05

    The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.

  • CVE-2018-25039Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input > as part of…

  • CVE-2018-25038Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input > as part of POST Request leads to cross…

  • CVE-2018-25037Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input > as part of POST Request…

  • CVE-2018-25036Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input…

  • CVE-2018-25035Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input > as part of POST…

  • CVE-2018-25034Jun 12, 2022
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input >…

  • CVE-2020-11618Aug 31, 2020
    risk 0.00cvss epss 0.00

    THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.

  • CVE-2020-11617Aug 31, 2020
    risk 0.00cvss epss 0.00

    The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.

  • CVE-2018-20394Dec 23, 2018
    risk 0.00cvss epss 0.02

    Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

  • CVE-2011-4506Nov 22, 2011
    risk 0.00cvss epss 0.01

    The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding"…

  • CVE-2007-5383Oct 12, 2007
    risk 0.00cvss epss 0.04

    The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka…

  • CVE-2007-5385Oct 12, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2007-5384Oct 12, 2007
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an…

  • CVE-2007-4753Sep 8, 2007
    risk 0.00cvss epss 0.02

    The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.