Thousands of Orange Modems Caught Leaking WiFi Credentials

Thousands of Orange Modems Caught Leaking WiFi Credentials


Bad Packets LLC co-founder Troy Mursch said this week that his company’s honeypots have caught an attacker scanning for Orange modems to exploit a vulnerability affecting Orange LiveBox devices.

The bug, CVE-2018-20377, allows a remote attacker to obtain the WiFi password and SSID of Orange LiveBoxes internal WiFi network via the modem’s get_getnetworkconf.cgi. The flaw is particularly dangerous since it can be used to build online botnets and on-location proximity hacks.

Mursch also said in a security advisory published by his company that an attacker can obtain the phone number tied to the modem and conduct other serious exploits.
Source: ZDNet

Disini & Disini Law Office
osi.georgebarleta@gmail.com