6 matches found
CVE-2018-18377
goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...
Command injection
goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...
CVE-2018-18377
goform/setReset on Orange AirBox Y858FL01.1604 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials...
CVE-2018-18377
CVE-2018-18377 affects Orange AirBox Y858_FL_01.16_04 devices. The flaw allows an attacker to trigger the goform/setReset endpoint to reset the router to factory settings. This reset enables login with default credentials (admin:admin), as described in the Red Hat entry and NVD description. The a...
CVE-2018-18376
CVE-2018-18376 : Affected product is Orange AirBox Y858_FL_01.16_04. The vulnerability resides in goform/getWlanClientInfo, which allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter....
CVE-2018-18375
The Red Hat/ NVD entry describes CVE-2018-18375 affecting Orange AirBox Y858_FL_01.16_04: the function goform/getProfileList can be queried with the rand parameter to extract APN data (name, number, username, password). The connected records confirm the vulnerable endpoint and data exposure but d...