Skip to main content

Arv7519Rw22 Livebox 2 1 Firmware

4 CVEs product

Monthly

CVE-2018-20577 CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
9.1
EPSS
0.6%
CVE-2018-20576 MEDIUM POC This Month

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-20575 HIGH POC This Week

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-20377 CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
7.7%
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy