Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Thomson Security Vulnerabilities

cve
cve

CVE-2004-0641

Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

7.6AI Score

0.012EPSS

2005-04-14 04:00 AM
45
cve
cve

CVE-2005-0494

The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.

7.6AI Score

0.05EPSS

2005-02-21 05:00 AM
27
cve
cve

CVE-2006-0946

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page.

5.8AI Score

0.065EPSS

2006-03-01 02:02 AM
25
cve
cve

CVE-2006-0947

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due t...

6.6AI Score

0.051EPSS

2006-03-01 02:02 AM
21
cve
cve

CVE-2007-4553

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.

6.5AI Score

0.185EPSS

2007-08-28 12:17 AM
26
cve
cve

CVE-2007-4753

The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.

6.6AI Score

0.185EPSS

2007-09-08 12:17 AM
19
cve
cve

CVE-2007-6003

Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third par...

5.6AI Score

0.001EPSS

2007-11-15 10:46 PM
25
cve
cve

CVE-2014-4716

Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.

7.4AI Score

0.01EPSS

2014-07-03 02:55 PM
17