Orange: >> Airbox Firmware >> y858_fl_01.16_04 Security Vulnerabilities
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-10-16
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-16
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-10-16