196 matches found
CVE-2022-45170
CVE-2022-45170 affects LIVEBOX Collaboration vDesk (pre-v018) via the endpoint /api/v1/vencrypt/decrypt/file. A malicious user, already logged into a victim’s account, can decipher a file without the user’s key, revealing a cryptographic issue impacting confidentiality. The current sources descri...
CVE-2022-45178
The CVE-2022-45178 entry concerns LIVEBOX Collaboration vDesk v018 and earlier, where a Broken Access Control flaw exists in multiple endpoints: /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings, /settings/samlusers-settings, and /settings/users-settings. A logged-in SAM...
CVE-2022-45180
CVE-2022-45180 affects LIVEBOX Collaboration vDesk (through v018) with Broken Access Control at the /api/v1/vdesk_{DOMAIN]/export endpoint. A user authenticated to the product without special privileges can export information for all users, a function intended for administrators. Public reference...
CVE-2022-45174
CVE-2022-45174 affects LIVEBOX Collaboration vDesk versions through v018. The issue allows bypassing Two-Factor Authentication for SAML users via /login/backup_code and /api/v1/vdeskintegration/challenge, by supplying a non-validated backup code, due to improper TOTP verification. Documents descr...
CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
Improper access control
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
LIVEBOX Collaboration vDesk 安全漏洞
LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk prior to version v018, which stems from an authorization logic flaw that can be exploited by an attacker to perform a privilege escalation to the administrator role and...
CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
CVE-2022-45172
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...
CVE-2022-45172
LIVEBOX Collaboration vDesk (pre-v018) is affected by a Broken Access Control issue caused by flaws in authorization logic. The vulnerability enables a malicious user with no privileges to escalate to administrator and access other user accounts via three endpoints: /api/v1/registration/validateE...
The vulnerability in the get_getnetworkconf.cgi script of the Orange Livebo wireless router’s microprogramming software allows a attacker to gain access to protected information.
The vulnerability in the getgetnetworkconf.cgi script of the wireless router’s microprogramming system is caused by a error in the management of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using the HTTP...
Orange Livebox Cross-Site Request Forgery Vulnerability
Orange Livebox is an ADSL Asymmetric Digital Subscriber Line modem. Multiple files in Orange Livebox version 00.96.320S Firmware version 00.96.320S, Boot v0.70.03, Modem version 5.4.1.10.1.1A, Hardware version 02 and Arcadyan ARV7519RW22-A-L T VR9 version 1.2 are vulnerable to cross-site request...
Orange Livebox Cross-Site Request Forgery Vulnerability (CNVD-2019-03335)
Orange Livebox is an ADSL Asymmetric Digital Subscriber Line modem. In Orange Livebox version 00.96.320S Firmware version 00.96.320S, Boot v0.70.03, Modem version 5.4.1.10.1.1A, Hardware version 02 and Arcadyan ARV7519RW22-A-L T VR9 version 1.2 and Arcadyan ARV7519RW22-A-L T VR9 1.2 versions, a...
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
Cross site request forgery (csrf)
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
CVE-2018-20575
Orange Livebox 00.96.320S devices have an undocumented /systemfirmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2...
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...
CVE-2018-20577
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...
CVE-2018-20575
Orange Livebox 00.96.320S devices have an undocumented /systemfirmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2...