Vulnerabilities > Orange > Arv7519Rw22 Livebox 2 1 Firmware > 00.96.320s

DATE CVE VULNERABILITY TITLE RISK
2018-12-28 CVE-2018-20577 Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF.
network
low complexity
orange CWE-352
critical
 9.4
9.4
2018-12-28 CVE-2018-20576 Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number.
network
orange CWE-352
5.8
5.8
2018-12-28 CVE-2018-20575 Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update.
network
low complexity
orange CWE-20
5.0
5.0