Multiple security vulnerabilities affecting latest firmware of ORANGE Livebox ADSL modems. The flaw allows an unauthenticated remote user to obtain modem’s SSID and to steal the WiFi password.
Security researchers from Bad Packets LLC , discovered the vulnerable devices that leaking their WiFi password. Shodan scan revealed 30,063 Orange Livebox modems. Among them 19,490 leaking WiFi credentials, 2,018 not leaking any information and 8,391 not responding to scans.
Bad Packets LLC said that they had detected an initial scan in their honeypots, “it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans.”
With the most affected devices uses the default passwords “admin/admin” and not having any custom passwords configured. The poorly configured devices allows attackers to view the phone number, MAC address of the connected devices.
An attacker could use this attack vector to extract connected device phone numbers which pose a very serious threat to user’s. By making the victim’s visiting the malicious site attackers can setup auto dialing profile on the victim’s modem which call’s attacker number without user interaction.
“This vector can be exploited to conduct false flag operations (such as impersonating an individual with a restraint order against another), marketing campaings, harassment, denial of service, and intelligence gathering” reads the exploit details published by Bad Packets LLC.
According to the Shodan scan report, researchers found most of the affected devices are on the network of Orange Espana (AS12479).
Bad Packets LLC reported the bug to Orange-CERT and they are investigating the issue, the vulnerability can be tracked as CVE-2018-20377.