Vulnerabilities > Orange > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-28 CVE-2018-20577 Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF.
network
low complexity
orange CWE-352
critical
9.4
2018-12-23 CVE-2018-20377 Unspecified vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware
Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value.
network
low complexity
orange
critical
10.0
2017-11-15 CVE-2014-3150 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.
network
low complexity
orange CWE-254
critical
9.0