CVE-2014-0620

Name of the Vulnerable Software and Affected Versions Technicolor TC7200 version STD6.01.12

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the ADDNewDomain parameter to the "parental/website-filters.asp" endpoint or the VmTracerouteHost parameter to the "goform/status/diagnostics-route" endpoint.

Recommendations For Technicolor TC7200 version STD6.01.12, as a temporary workaround, consider restricting access to the "parental/website-filters.asp" and "goform/status/diagnostics-route" endpoints to minimize the risk of exploitation. Avoid using the ADDNewDomain and VmTracerouteHost parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.