← Back

CVE-2018-20377

nvd nist
Published: Dec 23, 2018Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Affected (4)

Orange
1 product
Arv7519rw22 Livebox 2.1 Firmware
Configuration A
4 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Orange
Arv7519rw22 Livebox 2.1 Firmware
Version 00.96.00.96.609es
Arv7519rw22 Livebox 2.1 Firmware
Version 00.96.00.96.613
Arv7519rw22 Livebox 2.1 Firmware
Version 00.96.217
Arv7519rw22 Livebox 2.1 Firmware
Version 00.96.321s
Running on/withPlatform Versions
Orange
Arv7519rw22 Livebox 2.1
All versions

References (8)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.