ID

VAR-201401-0351


CVE

CVE-2014-0621


TITLE

Technicolor TC7200 vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-001006

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall. The Technicolor TC7200 is a next-generation wireless home gateway device, a modem and router product of the French Technicolor Group. Exploiting these issues may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. Technicolor TC7200 STD6.01.12 is vulnerable.

Trust: 2.61

sources: NVD: CVE-2014-0621 // JVNDB: JVNDB-2014-001006 // CNVD: CNVD-2014-00093 // BID: 64668 // VULHUB: VHN-68114 // PACKETSTORM: 124649

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00093

AFFECTED PRODUCTS

vendor: technicolor, model: tc7200, scope: eq, version: std6.01.12

Trust: 2.4

vendor: technicolor, model: tc7200, scope: eq, version: -

Trust: 1.0

vendor: technicolor, model: tc7200, scope: -, version: -

Trust: 0.6

vendor: technicolor, model: tc7200 std6.01.12, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2014-00093 // BID: 64668 // JVNDB: JVNDB-2014-001006 // CNNVD: CNNVD-201401-102 // NVD: CVE-2014-0621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0621
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0621
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00093
value: LOW

Trust: 0.6

CNNVD: CNNVD-201401-102
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68114
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0621
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00093
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68114
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00093 // VULHUB: VHN-68114 // JVNDB: JVNDB-2014-001006 // CNNVD: CNNVD-201401-102 // NVD: CVE-2014-0621

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-68114 // JVNDB: JVNDB-2014-001006 // NVD: CVE-2014-0621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-102

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201401-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001006

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68114

PATCH

title: TC7200 - TC7300 Cable Gateway - Technicolor
url: http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300

Trust: 0.8

sources: JVNDB: JVNDB-2014-001006

EXTERNAL IDS

db: NVD, id: CVE-2014-0621

Trust: 3.5

db: EXPLOIT-DB, id: 30667

Trust: 2.3

db: BID, id: 64668

Trust: 1.0

db: JVNDB, id: JVNDB-2014-001006

Trust: 0.8

db: CNNVD, id: CNNVD-201401-102

Trust: 0.7

db: CNVD, id: CNVD-2014-00093

Trust: 0.6

db: PACKETSTORM, id: 124649

Trust: 0.2

db: SEEBUG, id: SSVID-84042

Trust: 0.1

db: VULHUB, id: VHN-68114

Trust: 0.1

sources: CNVD: CNVD-2014-00093 // VULHUB: VHN-68114 // BID: 64668 // JVNDB: JVNDB-2014-001006 // PACKETSTORM: 124649 // CNNVD: CNNVD-201401-102 // NVD: CVE-2014-0621

REFERENCES

url:http://www.exploit-db.com/exploits/30667

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0621

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0621

Trust: 0.8

url:http://www.exploit-db.com/exploits/30667/

Trust: 0.6

url:http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/

Trust: 0.4

url:http://www.technicolor.com/en/solutions-services/connected-home/modems-gateways/cable-modems-gateways/tc7200-tc7300

Trust: 0.3

url:http://<ip>/goform/system/factory

Trust: 0.1

url:http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-0621

Trust: 0.1

url:http://<ip>/goform/advanced/options

Trust: 0.1

url:http://<ip>/goform/advanced/firewall

Trust: 0.1

url:http://<ip>//goform/advanced/ip-filters

Trust: 0.1

sources: CNVD: CNVD-2014-00093 // VULHUB: VHN-68114 // BID: 64668 // JVNDB: JVNDB-2014-001006 // PACKETSTORM: 124649 // CNNVD: CNNVD-201401-102 // NVD: CVE-2014-0621

CREDITS

Jeroen

Trust: 0.4

sources: BID: 64668 // PACKETSTORM: 124649

SOURCES

db: CNVD, id: CNVD-2014-00093
db: VULHUB, id: VHN-68114
db: BID, id: 64668
db: JVNDB, id: JVNDB-2014-001006
db: PACKETSTORM, id: 124649
db: CNNVD, id: CNNVD-201401-102
db: NVD, id: CVE-2014-0621

LAST UPDATE DATE

2025-04-11T23:20:33.387000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00093, date: 2014-01-08T00:00:00
db: VULHUB, id: VHN-68114, date: 2014-05-05T00:00:00
db: BID, id: 64668, date: 2014-01-02T00:00:00
db: JVNDB, id: JVNDB-2014-001006, date: 2014-01-10T00:00:00
db: CNNVD, id: CNNVD-201401-102, date: 2014-01-09T00:00:00
db: NVD, id: CVE-2014-0621, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00093, date: 2014-01-08T00:00:00
db: VULHUB, id: VHN-68114, date: 2014-01-08T00:00:00
db: BID, id: 64668, date: 2014-01-02T00:00:00
db: JVNDB, id: JVNDB-2014-001006, date: 2014-01-10T00:00:00
db: PACKETSTORM, id: 124649, date: 2014-01-02T15:02:22
db: CNNVD, id: CNNVD-201401-102, date: 2014-01-09T00:00:00
db: NVD, id: CVE-2014-0621, date: 2014-01-08T15:30:02.730