CVE-2018-14995

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a buil...

Cross site request forgery (csrf)

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

Cross site request forgery (csrf)

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

CVE-2018-20577

CVE-2018-20577 affects Orange Livebox 00.96.320S devices. The vulnerability is described as CSRF allowing forged requests via endpoints: /cgi-bin/restore.exe, /cgi-bin/firewall_SPI.exe, /cgi-bin/setup_remote_mgmt.exe, /cgi-bin/setup_pass.exe, and /cgi-bin/upgradep.exe. The associated hardware/fir...

19K Orange Livebox Modems Open to Attack

A flaw in Orange Livebox ADSL modems allows remote, unauthenticated users to obtain the device’s SSID and WiFi password with a simple GET request. Troy Mursch at Bad Packets said that the company’s honeypots observed a GET request scan right before Christmas targeting the modems, which are used t...

Orange Livebox ADSL modem Information Disclosure (CVE-2018-20377)

An Information Disclosure vulnerability exists in Orange Livebox ADSL modems. A remote attacker may exploit this vulnerability by sending a specially crafted request. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

The vulnerability of the Qualcomm Modem IP Stack component in the Android operating system allows a hacker to induce a service failure.

The vulnerability of the Qualcomm Modem IP Stack component in the Android operating system is related to the use of the assert function or similar operators. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVE-2018-20377

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /getgetnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03,...

CVE-2018-20377

Orange Livebox ADSL modems (e.g., Arcadyan ARV7519RW22-A-L T VR9 1.2; firmware 00.96.320S) expose Wi‑Fi credentials via unauthenticated GET /get_getnetworkconf.cgi on port 8080. The underlying issue is information disclosure where the webserver returns the SSID and Wi‑Fi password in plaintext, en...

CVE-2018-20377

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /getgetnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03,...

Cross site scripting

Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client...

CVE-2018-20373

Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client...

CVE-2018-20373

The CVE-2018-20373 entry affects Tenda ADSL modem routers (version 1.0.1) and is caused by a cross-site scripting (XSS) vulnerability triggered via the hostname of a DHCP client. The connected records corroborate: Cross-site scripting vulnerability in Tenda ADSL modem routers 1.0.1; exploitation ...

CVE-2018-20373

Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client...

KoffeyMaker: notebook vs. ATM

Despite CCTV and the risk of being caught by security staff, attacks on ATMs using a direct connection — so-called black box attacks — are still popular with cybercriminals. The main reason is the low "entry requirements" for would-be cyber-robbers: specialized sites offer both the necessary tool...

Multiple Qualcomm Snapdragon Products Information Disclosure Vulnerability (CNVD-2018-25411)

The Qualcomm MDM9206 and others are products of Qualcomm Incorporated of the U.S. The Qualcomm MDM9206 is a central processing unit CPU.The SDX24 is a modem. An information disclosure vulnerability exists in the MODEM in multiple Qualcomm Snapdragon products, which can be exploited by attackers t...