CVE-2018-18375

goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...

EUVD-2018-10107

Malware in sbrugna...

CVE-2018-18376

goform/getWlanClientInfo in Orange AirBox Y858FL01.1604 allows remote attackers to discover information about currently connected devices hostnames, IP addresses, MAC addresses, and connection time via the rand parameter...

Orange AirBox Information Disclosure Vulnerability

Orange AirBox is a portable wireless router product from Orange Luxembourg. A security vulnerability exists in goform/getWlanClientInfo in Orange AirBox version Y858FL01.1604. A remote attacker can exploit the vulnerability to obtain information about the currently connected device hostname, IP...

CVE-2018-18376

goform/getWlanClientInfo in Orange AirBox Y858FL01.1604 allows remote attackers to discover information about currently connected devices hostnames, IP addresses, MAC addresses, and connection time via the rand parameter...

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...

CVE-2018-18375

goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...

Command injection

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...

Design/Logic Flaw

goform/getWlanClientInfo in Orange AirBox Y858FL01.1604 allows remote attackers to discover information about currently connected devices hostnames, IP addresses, MAC addresses, and connection time via the rand parameter...

Default credentials

goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVE-2018-18375

goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVE-2018-18376

CVE-2018-18376 : Affected product is Orange AirBox Y858_FL_01.16_04. The vulnerability resides in goform/getWlanClientInfo, which allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter....

CVE-2018-18375

goform/getProfileList in Orange AirBox Y858FL01.1604 allows attackers to extract APN data name, number, username, and password via the rand parameter...

CVE-2018-18375

The Red Hat/ NVD entry describes CVE-2018-18375 affecting Orange AirBox Y858_FL_01.16_04: the function goform/getProfileList can be queried with the rand parameter to extract APN data (name, number, username, password). The connected records confirm the vulnerable endpoint and data exposure but d...

CVE-2018-18377

CVE-2018-18377 affects Orange AirBox Y858_FL_01.16_04 devices. The flaw allows an attacker to trigger the goform/setReset endpoint to reset the router to factory settings. This reset enables login with default credentials (admin:admin), as described in the Red Hat entry and NVD description. The a...

CVE-2018-18377

goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...