Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2018-20377

Published: Dec 23, 2018 | Modified: Oct 03, 2019
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-20377
CWEhttps://cwe.mitre.org/data/definitions/.html

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Affected Software

Name Vendor Start Version End Version
Arv7519rw22_livebox_2.1_firmware Orange 00.96.00.96.609es (including) 00.96.00.96.609es (including)
Arv7519rw22_livebox_2.1_firmware Orange 00.96.00.96.613 (including) 00.96.00.96.613 (including)
Arv7519rw22_livebox_2.1_firmware Orange 00.96.217 (including) 00.96.217 (including)
Arv7519rw22_livebox_2.1_firmware Orange 00.96.321s (including) 00.96.321s (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use