Sunday, March 30, 2025
HomeComputer SecurityMore than 19,000 Orange ADSL Modems Leaking Their WiFi Password

More than 19,000 Orange ADSL Modems Leaking Their WiFi Password

Published on

SIEM as a Service

Follow Us on Google News

Multiple security vulnerabilities affecting latest firmware of ORANGE Livebox ADSL modems. The flaw allows an unauthenticated remote user to obtain modem’s SSID and to steal the WiFi password.

Security researchers from Bad Packets LLC , discovered the vulnerable devices that leaking their WiFi password. Shodan scan revealed 30,063 Orange Livebox modems. Among them 19,490 leaking WiFi credentials, 2,018 not leaking any information and 8,391 not responding to scans.

ADSL modems

Bad Packets LLC said that they had detected an initial scan in their honeypots, “it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans.”

With the most affected devices uses the default passwords “admin/admin” and not having any custom passwords configured. The poorly configured devices allows attackers to view the phone number, MAC address of the connected devices.

An attacker could use this attack vector to extract connected device phone numbers which pose a very serious threat to user’s. By making the victim’s visiting the malicious site attackers can setup auto dialing profile on the victim’s modem which call’s attacker number without user interaction.

“This vector can be exploited to conduct false flag operations (such as impersonating an individual with a restraint order against another), marketing campaings, harassment, denial of service, and intelligence gathering” reads the exploit details published by Bad Packets LLC.

According to the Shodan scan report, researchers found most of the affected devices are on the network of Orange Espana (AS12479).

Bad Packets LLC reported the bug to Orange-CERT and they are investigating the issue, the vulnerability can be tracked as CVE-2018-20377.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging...

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...