CVE-2018-18375

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
References
Link Resource
https://github.com/remix30303/AirBoxAPNLeaks Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:orange:airbox_firmware:y858_fl_01.16_04:*:*:*:*:*:*:*
cpe:2.3:h:orange:airbox:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-16 01:29

Updated : 2024-02-04 20:03


NVD link : CVE-2018-18375

Mitre link : CVE-2018-18375

CVE.ORG link : CVE-2018-18375


JSON object : View

Products Affected

orange

  • airbox
  • airbox_firmware
CWE
CWE-330

Use of Insufficiently Random Values