Vulnerabilities > Orange > Airbox Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-16 | CVE-2018-18377 | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | 7.5 |
2018-10-16 | CVE-2018-18376 | Information Exposure vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | 7.5 |
2018-10-16 | CVE-2018-18375 | Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | 9.8 |