Cross-Site Scripting Vulnerabilities in Technicolor TC7200 Router
CVE-2014-0620

Currently unrated

Key Information:

Vendor: Technicolor
Status: Tc7200 Firmware; Tc7200
Vendor: CVE Published:; 8 January 2014

🔔 Create Technicolor Vulnerability Alert

What is CVE-2014-0620?

The Technicolor TC7200 router contains multiple cross-site scripting (XSS) vulnerabilities that expose it to attacks. Remote adversaries can exploit these flaws to inject arbitrary web scripts or HTML code through specific parameters such as ADDNewDomain to parental/website-filters.asp or VmTracerouteHost within the goform/status/diagnostics-route endpoint. This could lead to unauthorized access to sensitive user data or hijacking of user sessions.

References

http://www.exploit-db.com/exploits/30668

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/64672

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2014
Vulnerability Reserved
Jan 1, 2014