CVE-2014-0621
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-0621
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Technicolor TC7200 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Technicolor(前称Thomson,汤姆逊) TC7200是法国特艺(Technicolor)集团的一款调制解调器和路由器产品。 Technicolor TC7200 STD6.01.12版本中存在跨站请求伪造漏洞。攻击者可利用该漏洞(1)发送请求到goform/system/factory链接,执行恢复出厂设置(2)发送请求到goform/advanced/options链接禁用高级选项(3)借助IpFilterAddressDelete1参数发送到goform/advanced/ip-filt
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2014-0621
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-0621
请登录查看更多情报信息。
Same Patch Batch · n/a · 2014-01-08 · 20 CVEs total
| CVE-2013-7097 | 7 Media eduTrac 目录遍历漏洞 | |
| CVE-2014-1232 | WordPress Foliopress WYSIWYG插件跨站脚本漏洞 | |
| CVE-2014-0620 | Technicolor TC7200 跨站脚本漏洞 | |
| CVE-2013-7280 | Hanso Player ‘.m3u’文件远程缓冲区溢出漏洞 | |
| CVE-2013-7279 | WordPress S3 Video插件‘base’参数跨站脚本漏洞 | |
| CVE-2013-7278 | Naxtech CMS Afroditi ‘id’参数SQL注入漏洞 | |
| CVE-2013-7277 | Andy's PHP Knowledgebase 跨站脚本漏洞 | |
| CVE-2013-7276 | Wordpress Recommend To a Friend插件‘current_url’参数跨站脚本漏洞 | |
| CVE-2013-7275 | MyBB 跨站脚本漏洞 | |
| CVE-2013-7274 | Wallpaper Script ‘name’参数HTML注入漏洞 | |
| CVE-2013-6982 | Cisco NX-OS BGP Message 拒绝服务漏洞 | |
| CVE-2013-7281 | Linux kernel ‘dgram_recvmsg’函数内存泄露漏洞 | |
| CVE-2014-0657 | Cisco Unified Communications Manager 未授权访问漏洞 | |
| CVE-2014-0656 | Cisco Context Directory Agent 安全漏洞 | |
| CVE-2014-0655 | Cisco ASA Software 安全漏洞 | |
| CVE-2014-0654 | Cisco Context Directory Agent 安全漏洞 | |
| CVE-2014-0653 | Cisco ASA Software 安全漏洞 | |
| CVE-2014-0652 | Cisco Context Directory Agent 跨站脚本漏洞 | |
| CVE-2014-0651 | Cisco Context Directory Agent 提权漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2014-0621
No comments yet