Technicolor TC7230 STEB 01.25 Improper Input Validation Vulnerability

Summary

The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim’s browser. 

Credit:

The information has been provided by Alexander Dalsgaard Krog

The original article can be found at:https://cablehaunt.com


Details

The attacker can then configure the cable modem to port forward the modem’s internal TELNET server, allowing external access to a root shell.

 

Vulnerable Systems:

Technicolor TC7230 STEB 01.25

 

CVE Information:

CVE-2019-19495

 

Disclosure Timeline:
Published Date:1/8/2020

Categories: News