![]() In a query to the Shodan internet of things search engine, 19,490 Orange Livebox modems were found to be leaking their WiFi credentials in plaintext. Mursch referred the issue to Orange Espana, Orange-CERT and CCN-CERT for further investigation and remediation – Orange-CERT said that it was looking into it. Further investigation showed that the flaw (CVE-2018-20377) allows a GET request to “/get_getnetworkconf.cgi” to return the Orange Livebox modem’s WiFi credentials in plaintext. ![]() Troy Mursch at Bad Packets said that the company’s honeypots observed a GET request scan right before Christmas targeting the modems, which are used to provide home internet service by Orange Espana in Spain. ![]() A flaw in Orange Livebox ADSL modems allows remote, unauthenticated users to obtain the device’s SSID and WiFi password with a simple GET request.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |