Command Injection Vulnerability in Technicolor TD5336 by Technicolor
CVE-2017-14127

9.8CRITICAL

Key Information:

Vendor: Technicolor
Status: Td5336 Firmware
Vendor: CVE Published:; 4 September 2017

🔔 Create Technicolor Vulnerability Alert

What is CVE-2017-14127?

The Technicolor TD5336 OI_Fw_v7 devices have a critical command injection vulnerability in the web interface's ping module. This flaw allows remote attackers to execute arbitrary operating system commands with root privileges by exploiting shell metacharacters in the pingAddr parameter within mnt_ping.cgi. This security weakness poses significant risks, enabling unauthorized command execution that could lead to system compromise and data breaches.

References

http://jordyf.me/2017/09/02/technicolor-pwn.html

x_refsource_MISC

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2017
Vulnerability Reserved
Sep 4, 2017