Vulnerabilities (CVE)

Filtered by vendor Technicolor Subscribe
Total 42 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20438 1 Technicolor 2 Tc7110.ar, Tc7110.ar Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
CVE-2018-20443 1 Technicolor 2 Tc7200.d1i, Tc7200.d1i Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2018-20441 1 Technicolor 2 Tc7200.th2v2, Tc7200.th2v2 Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
CVE-2018-8827 1 Technicolor 2 Tg789vac, Tg789vac Firmware 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
CVE-2018-20379 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2024-02-28 2.6 LOW 4.7 MEDIUM
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.
CVE-2018-20440 1 Technicolor 2 Cwa0101, Cwa0101 Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2018-20442 1 Technicolor 2 Tc7110.b, Tc7110.b Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor TC7110.B STC8.62.02 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests.
CVE-2018-20394 1 Technicolor 8 Dwg849, Dwg849 Firmware, Dwg850-4 and 5 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20393 1 Technicolor 16 Cga0101, Cga0101 Firmware, Cga0111 and 13 more 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20381 1 Technicolor 2 Dpc2320, Dpc2320 Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor DPC2320 dpc2300r2-v202r1244101-150420a-v6 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20439 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests.
CVE-2017-14127 1 Technicolor 2 Td5336, Td5336 Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
CVE-2017-11320 1 Technicolor 2 Tc7337, Tc7337 Firmware 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
CVE-2016-7454 1 Technicolor 2 Xfinity Gateway Router Dpc3941t, Xfinity Gateway Router Dpc3941t Firmware 2024-02-28 7.9 HIGH 8.0 HIGH
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
CVE-2014-1677 1 Technicolor 2 Tc7200, Tc7200 Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
CVE-2017-5135 1 Technicolor 2 Dpc3928sl, Dpc3928sl Firmware 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
CVE-2014-9143 1 Technicolor 1 Td5130 Router Firmware 2024-02-28 4.3 MEDIUM N/A
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
CVE-2014-9144 1 Technicolor 1 Td5130 Router Firmware 2024-02-28 7.5 HIGH N/A
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
CVE-2014-9142 1 Technicolor 1 Td5130 Router Firmware 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
CVE-2014-0620 1 Technicolor 2 Tc7200, Tc7200 Firmware 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.