CVE-2014-0621

Technicolor TC7200 STD6.01.12 - Cross-Site Request Forgery via Multiple Endpoints

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0621. PoCs published by Jeroen - IT Nerdbox.

AI-analyzed exploit summary This is a writeup describing multiple CSRF vulnerabilities in Technicolor TC7200 devices. It provides HTTP POST payloads to exploit these vulnerabilities, such as factory reset, disabling advanced options, and removing firewall settings.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.

Exploits (1)

exploitdb WRITEUP
by Jeroen - IT Nerdbox · textwebappshardware
https://www.exploit-db.com/exploits/30667

This is a writeup describing multiple CSRF vulnerabilities in Technicolor TC7200 devices. It provides HTTP POST payloads to exploit these vulnerabilities, such as factory reset, disabling advanced options, and removing firewall settings.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Technicolor TC7200 STD6.01.12
No auth needed
Prerequisites: Network access to the target device · Victim interaction to trigger CSRF payloads
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30667

Scores

EPSS 0.0109
EPSS Percentile 61.0%

Details

CWE
CWE-352
Status published
Products (2)
technicolor/tc7200
technicolor/tc7200_firmware std6.01.12
Published Jan 08, 2014
Tracked Since Feb 18, 2026