Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-18375 | 1 Orange | 2 Airbox, Airbox Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | |||||
CVE-2018-18377 | 1 Orange | 2 Airbox, Airbox Firmware | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. | |||||
CVE-2018-18376 | 1 Orange | 2 Airbox, Airbox Firmware | 2018-12-06 | 5.0 MEDIUM | 7.5 HIGH |
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. |