Find a vulnerability
Search criteria
10 vulnerabilities by orange
VAR-201711-0023
Vulnerability from variot - Updated: 2025-04-20 23:19Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. Livebox 1.1 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Livebox is a multifunctional ADSL modem. The product can provide functions such as telephony, Internet access and TV playback. A security vulnerability exists in Livebox version 1.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "livebox 1.1",
"scope": "eq",
"trust": 1.6,
"vendor": "orange",
"version": "26014a"
},
{
"model": "livebox 1.1",
"scope": null,
"trust": 0.8,
"vendor": "orange",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_1.1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
}
]
},
"cve": "CVE-2014-3150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2014-3150",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-71089",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2014-3150",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3150",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3150",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-541",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-71089",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71089"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. Livebox 1.1 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Livebox is a multifunctional ADSL modem. The product can provide functions such as telephony, Internet access and TV playback. A security vulnerability exists in Livebox version 1.1",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3150"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "VULHUB",
"id": "VHN-71089"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3150",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-71089",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71089"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"id": "VAR-201711-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71089"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:19:45.407000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.orange.fr/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71089"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://archive.fo/tzqpd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3150"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3150"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71089"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71089"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-71089"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"date": "2017-11-15T18:29:00.327000",
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-05T00:00:00",
"db": "VULHUB",
"id": "VHN-71089"
},
{
"date": "2017-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008445"
},
{
"date": "2017-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-541"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2014-3150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Livebox 1.1 Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-008445"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-541"
}
],
"trust": 0.6
}
}
VAR-201703-1113
Vulnerability from variot - Updated: 2025-04-20 23:16Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services. Livebox3Sagemcom is a modem router. A denial of service vulnerability exists in Livebox3Sagemcom that could be exploited by an attacker to prevent a system from responding to normal requests and causing a denial of service. Livebox 3 Sagemcom is prone to a local denial-of-service vulnerability. Livebox 3 Sagemcom version SG30_sip-fr-5.15.8.1 is vulnerable; other versions may also be affected. A security vulnerability exists in Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 version
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "livebox",
"scope": "eq",
"trust": 1.6,
"vendor": "sagemcom",
"version": "5.15.8.1"
},
{
"_id": null,
"model": "livebox sagemcom sg30 sip-fr-5.15.8.1",
"scope": "eq",
"trust": 0.9,
"vendor": "orange",
"version": "3"
},
{
"_id": null,
"model": "livebox",
"scope": "eq",
"trust": 0.8,
"vendor": "orange",
"version": "3 sagemcom sg30_sip-fr-5.15.8.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "BID",
"id": "96827"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
},
{
"db": "NVD",
"id": "CVE-2017-6552"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
}
]
},
"credits": {
"_id": null,
"data": "Quentin Olagne",
"sources": [
{
"db": "BID",
"id": "96827"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6552",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6552",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-03093",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-114755",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6552",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6552",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6552",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-03093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-411",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-114755",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-6552",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "VULMON",
"id": "CVE-2017-6552"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
},
{
"db": "NVD",
"id": "CVE-2017-6552"
}
]
},
"description": {
"_id": null,
"data": "Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services. Livebox3Sagemcom is a modem router. A denial of service vulnerability exists in Livebox3Sagemcom that could be exploited by an attacker to prevent a system from responding to normal requests and causing a denial of service. Livebox 3 Sagemcom is prone to a local denial-of-service vulnerability. \nLivebox 3 Sagemcom version SG30_sip-fr-5.15.8.1 is vulnerable; other versions may also be affected. A security vulnerability exists in Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6552"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "BID",
"id": "96827"
},
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "VULMON",
"id": "CVE-2017-6552"
}
],
"trust": 2.61
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-114755",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41565",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "VULMON",
"id": "CVE-2017-6552"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-6552",
"trust": 3.5
},
{
"db": "BID",
"id": "96827",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "41565",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "41565",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-03093",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "141525",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-114755",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-6552",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "VULMON",
"id": "CVE-2017-6552"
},
{
"db": "BID",
"id": "96827"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
},
{
"db": "NVD",
"id": "CVE-2017-6552"
}
]
},
"id": "VAR-201703-1113",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "VULHUB",
"id": "VHN-114755"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
}
]
},
"last_update_date": "2025-04-20T23:16:12.545000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.orange.fr/portail"
},
{
"title": "Livebox 3 Sagemcom Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68320"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "NVD",
"id": "CVE-2017-6552"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/41565/"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/96827"
},
{
"trust": 1.7,
"url": "https://www.youtube.com/watch?v=shcs5_8mblm\u0026t=37s"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6552"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6552"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/96827/info"
},
{
"trust": 0.3,
"url": "http://www.orange.fr/portail"
},
{
"trust": 0.1,
"url": "https://www.youtube.com/watch?v=shcs5_8mblm\u0026amp;t=37s"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-03093"
},
{
"db": "VULHUB",
"id": "VHN-114755"
},
{
"db": "VULMON",
"id": "CVE-2017-6552"
},
{
"db": "BID",
"id": "96827"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
},
{
"db": "NVD",
"id": "CVE-2017-6552"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-03093",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-114755",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-6552",
"ident": null
},
{
"db": "BID",
"id": "96827",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002192",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201703-411",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-6552",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03093",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114755",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6552",
"ident": null
},
{
"date": "2017-03-09T00:00:00",
"db": "BID",
"id": "96827",
"ident": null
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002192",
"ident": null
},
{
"date": "2017-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-411",
"ident": null
},
{
"date": "2017-03-09T09:59:00.287000",
"db": "NVD",
"id": "CVE-2017-6552",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-03-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-03093",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114755",
"ident": null
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-6552",
"ident": null
},
{
"date": "2017-03-16T00:02:00",
"db": "BID",
"id": "96827",
"ident": null
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002192",
"ident": null
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-411",
"ident": null
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6552",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Livebox Sagemcom Vulnerabilities that render system unresponsiveness on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002192"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-411"
}
],
"trust": 0.6
}
}
VAR-200207-0043
Vulnerability from variot - Updated: 2025-04-03 21:36Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. GoAhead WebServer is prone to a directory traversal vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200207-0043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hard hat linux",
"scope": "eq",
"trust": 1.6,
"vendor": "montavista",
"version": "1.0"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.0,
"vendor": "goahead",
"version": "2.1.4"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.0,
"vendor": "goahead",
"version": "2.1.5"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.0,
"vendor": "goahead",
"version": "2.1.1"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.0,
"vendor": "goahead",
"version": "2.1.2"
},
{
"model": "web server",
"scope": "eq",
"trust": 1.0,
"vendor": "orange",
"version": "2.1"
},
{
"model": "webserver",
"scope": "eq",
"trust": 1.0,
"vendor": "goahead",
"version": "2.1.3"
},
{
"model": "software orange web server",
"scope": "eq",
"trust": 0.3,
"vendor": "orange",
"version": "2.1"
},
{
"model": "software hard hat linux",
"scope": "eq",
"trust": 0.3,
"vendor": "montavista",
"version": "1.0"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.5"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.4"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.3"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.2"
},
{
"model": "software goahead webserver",
"scope": "eq",
"trust": 0.3,
"vendor": "goahead",
"version": "2.1.1"
}
],
"sources": [
{
"db": "BID",
"id": "89464"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89464"
}
],
"trust": 0.3
},
"cve": "CVE-2002-0680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0680",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5071",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0680",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200207-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5071",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2002-0680",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. GoAhead WebServer is prone to a directory traversal vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0680"
},
{
"db": "BID",
"id": "89464"
},
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5071",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=21607",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0680",
"trust": 2.1
},
{
"db": "OSVDB",
"id": "81099",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085",
"trust": 0.7
},
{
"db": "VULNWATCH",
"id": "20020710 [VULNWATCH] WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020719 RE: [VULNWATCH] WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020710 WP-02-0001: GOAHEAD WEB SERVER DIRECTORY TRAVERSAL + CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "BID",
"id": "89464",
"trust": 0.5
},
{
"db": "EXPLOIT-DB",
"id": "21607",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-75432",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5071",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-0680",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"db": "BID",
"id": "89464"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"id": "VAR-200207-0043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5071"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T21:36:14.407000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "alt3kx.github.io",
"trust": 0.1,
"url": "https://github.com/alt3kx/alt3kx.github.io "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2002-0680"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html"
},
{
"trust": 1.2,
"url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539"
},
{
"trust": 1.2,
"url": "http://osvdb.org/81099"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=102631742711795\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=102709382714597\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=102631742711795\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=102709382714597\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=102631742711795\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=102709382714597\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/89464"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/21607/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"db": "BID",
"id": "89464"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5071"
},
{
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"db": "BID",
"id": "89464"
},
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-5071"
},
{
"date": "2002-07-23T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"date": "2002-07-23T00:00:00",
"db": "BID",
"id": "89464"
},
{
"date": "2002-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"date": "2002-07-23T04:00:00",
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-5071"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULMON",
"id": "CVE-2002-0680"
},
{
"date": "2002-07-23T00:00:00",
"db": "BID",
"id": "89464"
},
{
"date": "2005-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200207-085"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GoAhead Web Server Directory traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200207-085"
}
],
"trust": 0.6
}
}
VAR-201810-0701
Vulnerability from variot - Updated: 2024-11-23 23:08goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. Orange AirBox Contains vulnerabilities related to security features.Information may be tampered with. Orange AirBox is a portable wireless router product of Orange Company in Luxembourg
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0701",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbox",
"scope": "eq",
"trust": 2.4,
"vendor": "orange",
"version": "y858_fl_01.16_04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:airbox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
}
]
},
"cve": "CVE-2018-18377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-18377",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-128930",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18377",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18377",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18377",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-740",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128930",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128930"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials. Orange AirBox Contains vulnerabilities related to security features.Information may be tampered with. Orange AirBox is a portable wireless router product of Orange Company in Luxembourg",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "VULHUB",
"id": "VHN-128930"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18377",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128930",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128930"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"id": "VAR-201810-0701",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128930"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:08:34.131000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.orange.fr/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128930"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/remix30303/airboxdoom"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18377"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18377"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128930"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128930"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-128930"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"date": "2018-10-16T01:29:00.993000",
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-128930"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011243"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-740"
},
{
"date": "2024-11-21T03:55:49.633000",
"db": "NVD",
"id": "CVE-2018-18377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange AirBox Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-740"
}
],
"trust": 0.6
}
}
VAR-201810-0700
Vulnerability from variot - Updated: 2024-11-23 23:04goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. Orange AirBox Contains an information disclosure vulnerability.Information may be obtained. OrangeAirBox is a portable wireless router product from Orange, Luxembourg. There is a security vulnerability in goform/getWlanClientInfo in the OrangeAirBoxY858_FL_01.16_04 release
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0700",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbox",
"scope": "eq",
"trust": 2.4,
"vendor": "orange",
"version": "y858_fl_01.16_04"
},
{
"model": "airbox y858 fl 01.16 04",
"scope": null,
"trust": 0.6,
"vendor": "orange",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:airbox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
}
]
},
"cve": "CVE-2018-18376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-18376",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-21605",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-128929",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18376",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18376",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-18376",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-21605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-739",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128929",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. Orange AirBox Contains an information disclosure vulnerability.Information may be obtained. OrangeAirBox is a portable wireless router product from Orange, Luxembourg. There is a security vulnerability in goform/getWlanClientInfo in the OrangeAirBoxY858_FL_01.16_04 release",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18376",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-21605",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128929",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"id": "VAR-201810-0700",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
}
]
},
"last_update_date": "2024-11-23T23:04:57.188000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.fr/portail"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128929"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/remix30303/airboxleak"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18376"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"db": "VULHUB",
"id": "VHN-128929"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-128929"
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"date": "2018-10-16T01:29:00.853000",
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21605"
},
{
"date": "2018-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-128929"
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011374"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-739"
},
{
"date": "2024-11-21T03:55:49.477000",
"db": "NVD",
"id": "CVE-2018-18376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange AirBox Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011374"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-739"
}
],
"trust": 0.6
}
}
VAR-201810-0699
Vulnerability from variot - Updated: 2024-11-23 21:52goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. Orange AirBox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange AirBox is a portable wireless router product of Orange Company in Luxembourg. There is a security vulnerability in goform/getProfileList in Orange AirBox Y858_FL_01.16_04 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0699",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "airbox",
"scope": "eq",
"trust": 2.4,
"vendor": "orange",
"version": "y858_fl_01.16_04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:airbox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
}
]
},
"cve": "CVE-2018-18375",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-18375",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-128928",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18375",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18375",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-18375",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-738",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-128928",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128928"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. Orange AirBox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange AirBox is a portable wireless router product of Orange Company in Luxembourg. There is a security vulnerability in goform/getProfileList in Orange AirBox Y858_FL_01.16_04 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18375"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "VULHUB",
"id": "VHN-128928"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18375",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-128928",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128928"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"id": "VAR-201810-0699",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-128928"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:46.733000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.fr/portail"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128928"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/remix30303/airboxapnleaks"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18375"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18375"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128928"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-128928"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-128928"
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"date": "2018-10-16T01:29:00.743000",
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-128928"
},
{
"date": "2019-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011373"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-738"
},
{
"date": "2024-11-21T03:55:49.323000",
"db": "NVD",
"id": "CVE-2018-18375"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange AirBox Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011373"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-738"
}
],
"trust": 0.6
}
}
VAR-201812-1155
Vulnerability from variot - Updated: 2024-11-23 21:52Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains an input validation vulnerability.Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. An attacker could exploit this vulnerability to manually update the firmware
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-1155",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.0,
"vendor": "orange",
"version": "00.96.320s"
},
{
"model": "livebox",
"scope": null,
"trust": 0.8,
"vendor": "orange",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
}
]
},
"cve": "CVE-2018-20575",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20575",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-131395",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20575",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20575",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-20575",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1241",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-131395",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-20575",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains an input validation vulnerability.Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. An attacker could exploit this vulnerability to manually update the firmware",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "VULMON",
"id": "CVE-2018-20575"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20575",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1241",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-131395",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-20575",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"id": "VAR-201812-1155",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-131395"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:36.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.com/en/home"
},
{
"title": "LIVEBOX-0DAY",
"trust": 0.1,
"url": "https://github.com/zadewg/LIVEBOX-0DAY "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://github.com/zadewg/livebox-0day"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20575"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154879"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-131395"
},
{
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-131395"
},
{
"date": "2018-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"date": "2018-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"date": "2018-12-28T17:29:00.823000",
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-131395"
},
{
"date": "2019-01-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20575"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"date": "2019-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1241"
},
{
"date": "2024-11-21T04:01:45.957000",
"db": "NVD",
"id": "CVE-2018-20575"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1241"
}
],
"trust": 0.6
}
}
VAR-201812-1157
Vulnerability from variot - Updated: 2024-11-23 21:52Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains a cross-site request forgery vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The OrangeLivebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A cross-site request forgery vulnerability exists in multiple files in the OrangeLivebox00.96.320S version (Firmware00.96.320S version, Bootv0.70.03 version, Modem5.4.1.10.1.1A version, Hardware02 version, and ArcadyanARV7519RW22-A-LTVR91.2 version). A remote attacker can exploit this vulnerability to tamper with all configuration parameters. (Multiple files include: cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe and cgi-bin/upgradep.exe files)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-1157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.0,
"vendor": "orange",
"version": "00.96.320s"
},
{
"model": "livebox",
"scope": null,
"trust": 0.8,
"vendor": "orange",
"version": null
},
{
"model": "00.96.320s",
"scope": null,
"trust": 0.6,
"vendor": "livebox",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
}
]
},
"cve": "CVE-2018-20577",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20577",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03336",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-131397",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20577",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20577",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-20577",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-03336",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1243",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-131397",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains a cross-site request forgery vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. The OrangeLivebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A cross-site request forgery vulnerability exists in multiple files in the OrangeLivebox00.96.320S version (Firmware00.96.320S version, Bootv0.70.03 version, Modem5.4.1.10.1.1A version, Hardware02 version, and ArcadyanARV7519RW22-A-LTVR91.2 version). A remote attacker can exploit this vulnerability to tamper with all configuration parameters. (Multiple files include: cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe and cgi-bin/upgradep.exe files)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20577"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20577",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03336",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-131397",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"id": "VAR-201812-1157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
}
]
},
"last_update_date": "2024-11-23T21:52:36.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.com/en/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zadewg/livebox-0day"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20577"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20577"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "VULHUB",
"id": "VHN-131397"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"date": "2018-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-131397"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"date": "2018-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"date": "2018-12-28T17:29:00.917000",
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"date": "2019-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-131397"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"date": "2019-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1243"
},
{
"date": "2024-11-21T04:01:46.270000",
"db": "NVD",
"id": "CVE-2018-20577"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03336"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1243"
}
],
"trust": 0.6
}
}
VAR-201812-1156
Vulnerability from variot - Updated: 2024-11-23 21:52Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains a cross-site request forgery vulnerability.Information may be obtained and information may be altered. The OrangeLivebox is an ADSL (Asymmetric Digital Subscriber Line) modem. Cgi-bin/autodialing.exe and cgi- in the OrangeLivebox00.96.320S version (Firmware00.96.320S version, Bootv0.70.03 version, Modem5.4.1.10.1.1A version, Hardware02 version and ArcadyanARV7519RW22-A-LTVR91.2 version) A cross-site request forgery vulnerability exists in the bin/phone_test.exe file. A remote attacker can exploit this vulnerability to arbitrarily dial the phone number specified by the attacker
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-1156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.0,
"vendor": "orange",
"version": "00.96.320s"
},
{
"model": "livebox",
"scope": null,
"trust": 0.8,
"vendor": "orange",
"version": null
},
{
"model": "livebox orange livebox 00.96.320s",
"scope": null,
"trust": 0.6,
"vendor": "orange",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
}
]
},
"cve": "CVE-2018-20576",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-20576",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-03335",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-131396",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-20576",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20576",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-20576",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-03335",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1242",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-131396",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains a cross-site request forgery vulnerability.Information may be obtained and information may be altered. The OrangeLivebox is an ADSL (Asymmetric Digital Subscriber Line) modem. Cgi-bin/autodialing.exe and cgi- in the OrangeLivebox00.96.320S version (Firmware00.96.320S version, Bootv0.70.03 version, Modem5.4.1.10.1.1A version, Hardware02 version and ArcadyanARV7519RW22-A-LTVR91.2 version) A cross-site request forgery vulnerability exists in the bin/phone_test.exe file. A remote attacker can exploit this vulnerability to arbitrarily dial the phone number specified by the attacker",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20576"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20576",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1242",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03335",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-131396",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"id": "VAR-201812-1156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
}
]
},
"last_update_date": "2024-11-23T21:52:36.802000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.com/en/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/zadewg/livebox-0day"
},
{
"trust": 1.7,
"url": "https://gbhackers.com/orange-adsl-modems/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20576"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20576"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"db": "VULHUB",
"id": "VHN-131396"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"date": "2018-12-28T00:00:00",
"db": "VULHUB",
"id": "VHN-131396"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"date": "2018-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"date": "2018-12-28T17:29:00.857000",
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03335"
},
{
"date": "2019-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-131396"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"date": "2019-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1242"
},
{
"date": "2024-11-21T04:01:46.107000",
"db": "NVD",
"id": "CVE-2018-20576"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1242"
}
],
"trust": 0.6
}
}
VAR-201812-0670
Vulnerability from variot - Updated: 2024-11-23 21:52Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange Livebox Contains an input validation vulnerability.Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker could exploit this vulnerability by sending a GET request to the /get_getnetworkconf.cgi URI to obtain the device's SSID and WI-FI password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0670",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "livebox",
"scope": null,
"trust": 2.4,
"vendor": "orange",
"version": null
},
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.6,
"vendor": "orange",
"version": "00.96.321s"
},
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.6,
"vendor": "orange",
"version": "00.96.00.96.613"
},
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.6,
"vendor": "orange",
"version": "00.96.00.96.609es"
},
{
"model": "arv7519rw22 livebox 2.1",
"scope": "eq",
"trust": 1.6,
"vendor": "orange",
"version": "00.96.217"
},
{
"model": "livebox",
"scope": "eq",
"trust": 0.8,
"vendor": "orange",
"version": "00.96.320s"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:orange:livebox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
}
]
},
"cve": "CVE-2018-20377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20377",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-131177",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20377",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-20377",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20377",
"trust": 1.6,
"value": "Critical"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20377",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-20377",
"trust": 0.8,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-20377",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-1036",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-131177",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-20377",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131177"
},
{
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange Livebox Contains an input validation vulnerability.Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker could exploit this vulnerability by sending a GET request to the /get_getnetworkconf.cgi URI to obtain the device\u0027s SSID and WI-FI password",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "VULHUB",
"id": "VHN-131177"
},
{
"db": "VULMON",
"id": "CVE-2018-20377"
}
],
"trust": 3.96
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20377",
"trust": 5.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-131177",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-20377",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131177"
},
{
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"id": "VAR-201812-0670",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-131177"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:36.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 2.4,
"url": "https://www.orange.com/en/home"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.orange.fr/portail"
},
{
"title": "LIVEBOX-0DAY",
"trust": 0.1,
"url": "https://github.com/zadewg/LIVEBOX-0DAY "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/19k-orange-livebox-modems-open-to-attack/140376/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.6
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "https://github.com/zadewg/livebox-0day"
},
{
"trust": 1.8,
"url": "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
},
{
"trust": 1.8,
"url": "https://news.ycombinator.com/item?id=18745533"
},
{
"trust": 1.2,
"url": "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20377"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20377"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20577"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20577"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20576"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20576"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20575"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20575"
},
{
"trust": 0.6,
"url": "https://web.archive.org/web/20181223120225/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/19k-orange-livebox-modems-open-to-attack/140376/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131177"
},
{
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-131177"
},
{
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-131177"
},
{
"date": "2018-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"date": "2019-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"date": "2018-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"date": "2018-12-23T18:29:00.527000",
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-131177"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20377"
},
{
"date": "2019-01-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011738"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013687"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013686"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-1036"
},
{
"date": "2024-11-21T04:01:21.403000",
"db": "NVD",
"id": "CVE-2018-20377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Orange Livebox Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013637"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013687"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-1036"
}
],
"trust": 0.6
}
}