Vulnerabilities > Orange > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-20575 | Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. | 7.5 |
| 2018-10-16 | CVE-2018-18377 | Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | 7.5 |
| 2018-10-16 | CVE-2018-18376 | Information Exposure vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. | 7.5 |
| 2017-11-15 | CVE-2014-3150 | 7PK - Security Features vulnerability in Orange Livebox 1.1 Firmware 26014A Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | 8.8 |