Tuesday, May 28, 2024

More than 19,000 Orange ADSL Modems Leaking Their WiFi Password

Multiple security vulnerabilities affecting latest firmware of ORANGE Livebox ADSL modems. The flaw allows an unauthenticated remote user to obtain modem’s SSID and to steal the WiFi password.

Security researchers from Bad Packets LLC , discovered the vulnerable devices that leaking their WiFi password. Shodan scan revealed 30,063 Orange Livebox modems. Among them 19,490 leaking WiFi credentials, 2,018 not leaking any information and 8,391 not responding to scans.

ADSL modems

Bad Packets LLC said that they had detected an initial scan in their honeypots, “it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans.”

With the most affected devices uses the default passwords “admin/admin” and not having any custom passwords configured. The poorly configured devices allows attackers to view the phone number, MAC address of the connected devices.

An attacker could use this attack vector to extract connected device phone numbers which pose a very serious threat to user’s. By making the victim’s visiting the malicious site attackers can setup auto dialing profile on the victim’s modem which call’s attacker number without user interaction.

“This vector can be exploited to conduct false flag operations (such as impersonating an individual with a restraint order against another), marketing campaings, harassment, denial of service, and intelligence gathering” reads the exploit details published by Bad Packets LLC.

According to the Shodan scan report, researchers found most of the affected devices are on the network of Orange Espana (AS12479).

Bad Packets LLC reported the bug to Orange-CERT and they are investigating the issue, the vulnerability can be tracked as CVE-2018-20377.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles