Technicolor TC7200 STD6.01.12 information disclosure

A vulnerability was found in Technicolor TC7200 STD6.01.12. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. Using CWE to declare the problem leads to CWE-200. The bug was discovered 02/25/2014. The weakness was published 04/03/2017 by Jeroen with IT Nerdbox as 125388 as Posting (Bugtraq). The advisory is shared for download at securityfocus.com. This vulnerability is handled as CVE-2014-1677. The attack may be launched remotely. There are no technical details available. Furthermore, there is an exploit available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k at the moment. The MITRE ATT&CK project declares the attack technique as T1592. It is declared as proof-of-concept. The exploit is available at exploit-db.com. The vulnerability was handled as a non-public zero-day exploit for at least 1133 days. As 0-day the estimated underground price was around $0-$5k. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: X-Force (91578).

Field04/04/2017 08:49 AM11/24/2019 08:27 PM11/24/2022 07:06 PM
vendorTechnicolorTechnicolorTechnicolor
nameTC7200TC7200TC7200
versionSTD6.01.12STD6.01.12STD6.01.12
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
risk111
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore4.54.54.5
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_nvd_avNNN
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciPPP
cvss2_nvd_iiNNN
cvss2_nvd_aiNNN
cvss3_meta_basescore6.46.46.4
cvss3_meta_tempscore6.06.06.2
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore5.05.05.0
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prNNN
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iNNN
cvss3_nvd_aNNN
date1491177600 (04/03/2017)1491177600 (04/03/2017)1491177600 (04/03/2017)
locationBugtraqBugtraqBugtraq
typePostingPostingPosting
urlhttp://www.securityfocus.com/archive/1/archive/1/538955/100/0/threadedhttp://www.securityfocus.com/archive/1/archive/1/538955/100/0/threadedhttp://www.securityfocus.com/archive/1/archive/1/538955/100/0/threaded
company_nameIT NerdboxIT NerdboxIT Nerdbox
availability111
date1393286400 (02/25/2014)1393286400 (02/25/2014)1393286400 (02/25/2014)
publicity111
urlhttps://www.exploit-db.com/exploits/31894/https://www.exploit-db.com/exploits/31894/https://www.exploit-db.com/exploits/31894/
developer_nameJeroenJeroenJeroen
price_0day$0-$5k$0-$5k$0-$5k
cveCVE-2014-1677CVE-2014-1677CVE-2014-1677
cve_assigned1390694400 (01/26/2014)1390694400 (01/26/2014)1390694400 (01/26/2014)
cve_nvd_published149117760014911776001491177600
cve_nvd_summaryTechnicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
xforce915789157891578
exploitdb318943189431894
exploitdb_date1393286400 (02/25/2014)1393286400 (02/25/2014)1393286400 (02/25/2014)
openvas_id801436801436801436
openvas_filenamegb_technicolor_tc7200_information_disclose_vuln.naslgb_technicolor_tc7200_information_disclose_vuln.naslgb_technicolor_tc7200_information_disclose_vuln.nasl
openvas_titleTechnicolor TC7200 Information Disclosure VulnerabilityTechnicolor TC7200 Information Disclosure VulnerabilityTechnicolor TC7200 Information Disclosure Vulnerability
openvas_familyWeb application abusesWeb application abusesWeb application abuses
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlNDNDND
cvss2_vuldb_rcNDNDND
cvss3_vuldb_ePPP
cvss3_vuldb_rlXXX
cvss3_vuldb_rcXXX
0day_days113311331133
person_nicknameJeroenJeroenJeroen
cvss3_nvd_basescore7.57.57.5
discoverydate13932864001393286400
osvdb103712103712
osvdb_titleCVE-2014-1677 - Technicolor - TC7200 - Information Disclosure IssueCVE-2014-1677 - Technicolor - TC7200 - Information Disclosure Issue
identifier125388
cvss2_nvd_basescore5.0

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!