Vulnerabilities > Orange > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-28 CVE-2018-20576 Cross-Site Request Forgery (CSRF) vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number.
network
orange CWE-352
5.8
2018-12-28 CVE-2018-20575 Improper Input Validation vulnerability in Orange Arv7519Rw22 Livebox 2.1 Firmware 00.96.320S
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update.
network
low complexity
orange CWE-20
5.0
2018-10-16 CVE-2018-18377 Missing Authorization vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.
network
low complexity
orange CWE-862
5.0
2018-10-16 CVE-2018-18376 Information Exposure vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
network
low complexity
orange CWE-200
5.0
2018-10-16 CVE-2018-18375 Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
network
low complexity
orange CWE-330
5.0