CVE-2018-8827

Name: CVE-2018-8827
Creator: NVD / NIST
Published: 2019-01-03T23:29:00.277+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.22%

Last modified Jun 17, 2026

CVE-2018-8827 is a vulnerability of currently unknown severity. The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.. EPSS estimates a 1.22% chance of exploitation in the next 30 days.

Description

The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.

Metrics

EPSS Probability

1.22%

64.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Technicolor	Tg789vac Firmware	16.3.7190-2761005-20161004084353

References

http://45.32.113.185/075a6fa2d5db3bf3457896bee6db6787.htmlExploit, Third Party Advisory
http://45.32.113.185/075a6fa2d5db3bf3457896bee6db6787.htmlExploit, Third Party Advisory

Timeline

Published: Jan 3, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-8827?

How severe is CVE-2018-8827?

Severity scoring for CVE-2018-8827 is pending analysis. The EPSS model estimates a 1.22% probability of exploitation in the next 30 days.

How do I fix CVE-2018-8827?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-8827?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST