CRITICAL🇬🇧 English

CVE-2019-19495

CVSS 9.8v3.1pub. 2020-01-08upd. 2024-11-21

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Technicolor Tc7230 Steb

    HW
    Technicolor
    wszystkie wersje
  • Technicolor Tc7230 Steb Firmware

    OS
    Technicolor
    0.1.25
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-19494HIGH8.8ten sam produkt

Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote...

CVE-2020-10376CRITICAL9.8ten sam vendor

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the netw...

CVE-2018-20440CRITICAL9.8ten sam vendor

Technicolor CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC devices allow remote attackers to discover Wi-Fi crede...

CVE-2018-20438CRITICAL9.8ten sam vendor

Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4....

CVE-2018-20439CRITICAL9.8ten sam vendor

Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a devices allow remote attackers to discover Wi-F...

CVE-2019-19495 — CRITICAL 9.8 | CVEbaza.pl