Vulnerabilities > Orange
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-28 | CVE-2018-20577 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S. Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. | 9.1 |
2018-12-28 | CVE-2018-20576 | Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S. Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. | 5.4 |
2018-12-28 | CVE-2018-20575 | Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S. Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. | 7.5 |
2018-12-23 | CVE-2018-20377 | Unspecified vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware. Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. | 9.8 |
2018-10-16 | CVE-2018-18377 | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604. goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | 7.5 |
2018-10-16 | CVE-2018-18376 | Information Exposure vulnerability in Orange Airbox Firmware Y858Fl01.1604. goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | 7.5 |
2018-10-16 | CVE-2018-18375 | Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604. goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | 9.8 |
2017-11-15 | CVE-2014-3150 | 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A. Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript. | 8.8 |