Over 19K Orange Livebox Modems Open to Attack [CVE-2018-20377]
Poorly secured Orange Livebox ADSL modems allows remote, unauthenticated users to obtain the device’s SSID and WiFi password with a simple GET request.
In a query to the Shodan internet of things search engine, 19,490 Orange Livebox modems were found to be leaking their WiFi credentials in plaintext.
This allows allow any remote user to easily access the device and maliciously modify the device settings or firmware. In addition, they can obtain the phone number tied to the modem and conduct other serious exploits.
As discussed here it would be possible for the victim to visit a malicious site, it will create an autodialing profile on the victim’s modem, and activate the Line Test feature. No interaction needed. The phone will ring, and when the call is answered the autodialing feature will call the attacker’s number.
Affected Models
Orange Livebox Arcadyan ARV7519 modem firmware versions 00.96.00.96.613, 00.96.00.96.609ES, 00.96.321S and 00.96.217 are affected by the flaw.
These versions are not and are vulnerable to CVE-2018-20377:
00.96.00.96.613
00.96.00.96.609ES
00.96.321S
00.96.217
Further details – https://threatpost.com/19k-orange-livebox-modems-open-to-attack/140376/
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.