Vulnerabilities > Orange > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-12-28 CVE-2018-20577 Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF.
network
low complexity
orange CWE-352
critical
9.1
2018-12-23 CVE-2018-20377 Unspecified vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware
Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value.
network
low complexity
orange
critical
9.8
2018-10-16 CVE-2018-18375 Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
network
low complexity
orange CWE-330
critical
9.8