CVE-2017-11320

MEDIUM

Technicolor TC7337 Firmware 08.89.17.20.00 - Persistent Cross-Site Scripting via Wi-Fi SSID

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-11320. PoCs published by Geolado giolado.

AI-analyzed exploit summary This exploit leverages a stored XSS vulnerability in Technicolor TC7337 routers via the SSID field to execute arbitrary JavaScript. The PoC demonstrates credential theft, router reboot, and DNS poisoning by abusing CSRF tokens and unauthenticated AJAX requests.

Description

Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.

Exploits (1)

exploitdb WORKING POC

by Geolado giolado · htmlwebappshardware

https://www.exploit-db.com/exploits/42427

View Code ZIP pw:eip

This exploit leverages a stored XSS vulnerability in Technicolor TC7337 routers via the SSID field to execute arbitrary JavaScript. The PoC demonstrates credential theft, router reboot, and DNS poisoning by abusing CSRF tokens and unauthenticated AJAX requests.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Technicolor TC7337 (firmware version unspecified)

No auth needed

Prerequisites: Victim must connect to a malicious Wi-Fi network with a crafted SSID · Attacker must host a malicious JavaScript payload on a controlled domain

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript T1190 - Exploit Public-Facing Application T1185 - Browser Session Hijacking T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2017/Aug/3

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42427/

Scores

CVSS v3 6.1

EPSS 0.0040

EPSS Percentile 61.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

technicolor/tc7337_firmware 08.89.17.20.00

Published Aug 03, 2017

Tracked Since Feb 18, 2026