Vulnerabilities > CVE-2018-18377 - Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

orange

CWE-862

NVD

Published: 2018-10-16

Updated: 2019-10-03

Summary

goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

Vulnerable Configurations

Part	Description	Count
OS	Orange Orange Airbox Firmware Y858_Fl_01.16_04	1
Hardware	Orange Orange Airbox -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/remix30303/AirBoxDoom