Friday, October 11, 2024
HomeComputer SecurityMore than 19,000 Orange ADSL Modems Leaking Their WiFi Password

More than 19,000 Orange ADSL Modems Leaking Their WiFi Password

Published on

Malware protection

Multiple security vulnerabilities affecting latest firmware of ORANGE Livebox ADSL modems. The flaw allows an unauthenticated remote user to obtain modem’s SSID and to steal the WiFi password.

Security researchers from Bad Packets LLC , discovered the vulnerable devices that leaking their WiFi password. Shodan scan revealed 30,063 Orange Livebox modems. Among them 19,490 leaking WiFi credentials, 2,018 not leaking any information and 8,391 not responding to scans.

ADSL modems

Bad Packets LLC said that they had detected an initial scan in their honeypots, “it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans.”

- Advertisement - SIEM as a Service

With the most affected devices uses the default passwords “admin/admin” and not having any custom passwords configured. The poorly configured devices allows attackers to view the phone number, MAC address of the connected devices.

An attacker could use this attack vector to extract connected device phone numbers which pose a very serious threat to user’s. By making the victim’s visiting the malicious site attackers can setup auto dialing profile on the victim’s modem which call’s attacker number without user interaction.

“This vector can be exploited to conduct false flag operations (such as impersonating an individual with a restraint order against another), marketing campaings, harassment, denial of service, and intelligence gathering” reads the exploit details published by Bad Packets LLC.

According to the Shodan scan report, researchers found most of the affected devices are on the network of Orange Espana (AS12479).

Bad Packets LLC reported the bug to Orange-CERT and they are investigating the issue, the vulnerability can be tracked as CVE-2018-20377.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...