Known Vulnerabilities for products from Orange
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Orange".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-20577 json | Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin... | 9.1 - CRITICAL | 2018-12-28 | 2019-01-22 |
| CVE-2018-20576 json | Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outboun... | 5.4 - MEDIUM | 2018-12-28 | 2019-01-23 |
| CVE-2018-20575 json | Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related ... | 7.5 - HIGH | 2018-12-28 | 2019-01-23 |
| CVE-2018-20377 json | Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 80... | 9.8 - CRITICAL | 2018-12-23 | 2019-10-03 |
| CVE-2018-18377 json | goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can b... | 7.5 - HIGH | 2018-10-16 | 2019-10-03 |
| CVE-2018-18376 json | goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently co... | 7.5 - HIGH | 2018-10-16 | 2018-12-06 |
| CVE-2018-18375 json | goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and pas... | 9.8 - CRITICAL | 2018-10-16 | 2019-10-03 |
| CVE-2014-3150 json | Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or ob... | 8.8 - HIGH | 2017-11-15 | 2017-12-05 |