Categories: Computer SecurityCyber Security NewsVulnerability

More than 19,000 Orange ADSL Modems Leaking Their WiFi Password

Multiple security vulnerabilities affecting latest firmware of ORANGE Livebox ADSL modems. The flaw allows an unauthenticated remote user to obtain modem’s SSID and to steal the WiFi password.

Security researchers from Bad Packets LLC , discovered the vulnerable devices that leaking their WiFi password. Shodan scan revealed 30,063 Orange Livebox modems. Among them 19,490 leaking WiFi credentials, 2,018 not leaking any information and 8,391 not responding to scans.

Bad Packets LLC said that they had detected an initial scan in their honeypots, “it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans.”

With the most affected devices uses the default passwords “admin/admin” and not having any custom passwords configured. The poorly configured devices allows attackers to view the phone number, MAC address of the connected devices.

An attacker could use this attack vector to extract connected device phone numbers which pose a very serious threat to user’s. By making the victim’s visiting the malicious site attackers can setup auto dialing profile on the victim’s modem which call’s attacker number without user interaction.

“This vector can be exploited to conduct false flag operations (such as impersonating an individual with a restraint order against another), marketing campaings, harassment, denial of service, and intelligence gathering” reads the exploit details published by Bad Packets LLC.

According to the Shodan scan report, researchers found most of the affected devices are on the network of Orange Espana (AS12479).

Bad Packets LLC reported the bug to Orange-CERT and they are investigating the issue, the vulnerability can be tracked as CVE-2018-20377.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Leave a Comment
Share
Published by
Gurubaran
Tags: ADSL modemscomputer securityORANGE LiveboxVulnerabilitywifi password
6 years ago

Recent Posts

Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution

A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could allow…

31 minutes ago

Foxit PDF Editor Vulnerabilities Allows Remote Code Execution

Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF…

2 hours ago

Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access

Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could…

3 hours ago

NetWalker Ransomware Operator Sentenced to 20 Years in Prison

A Romanian man has been sentenced to 20 years in prison for his involvement in…

3 hours ago

CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild

 The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability…

4 hours ago

CISA Releases Eight New ICS Advisories to Defend Cyber Attacks

 The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting…

5 hours ago