RSS   Vulnerabilities for 'Airbox firmware'   RSS

2018-10-15
 
CVE-2018-18377

CWE-254
 

 
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

 
 
CVE-2018-18376

CWE-200
 

 
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

 
 
CVE-2018-18375

CWE-255
 

 
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.

 

 >>> Vendor: Orange 2 Products
Livebox 1.1 firmware
Airbox firmware


Copyright 2018, cxsecurity.com

 

Back to Top