Orange Livebox Information Disclosure Vulnerability

Orange Livebox is an ADSL Asymmetric Digital Subscriber Line modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker can exploit the vulnerability by sending a GET request to the /getgetnetworkconf.cgi URI to obtain the SSID and WI-FI password of the device...

CVE-2018-20377

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /getgetnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03,...