Sign-up

ID

VAR-201810-0699


CVE

CVE-2018-18375


TITLE

Orange AirBox Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-011373

DESCRIPTION

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. Orange AirBox Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Orange AirBox is a portable wireless router product of Orange Company in Luxembourg. There is a security vulnerability in goform/getProfileList in Orange AirBox Y858_FL_01.16_04 version

Trust: 1.71

sources: NVD: CVE-2018-18375 // JVNDB: JVNDB-2018-011373 // VULHUB: VHN-128928

AFFECTED PRODUCTS

vendor:orangemodel:airboxscope:eqversion:y858_fl_01.16_04

Trust: 2.4

sources: JVNDB: JVNDB-2018-011373 // CNNVD: CNNVD-201810-738 // NVD: CVE-2018-18375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18375
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18375
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-738
value: CRITICAL

Trust: 0.6

VULHUB: VHN-128928
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128928
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18375
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128928 // JVNDB: JVNDB-2018-011373 // CNNVD: CNNVD-201810-738 // NVD: CVE-2018-18375

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-128928 // JVNDB: JVNDB-2018-011373 // NVD: CVE-2018-18375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-738

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-738

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011373

PATCH
title:Top Pageurl:https://www.orange.fr/portail
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011373

EXTERNAL IDS
db:NVDid:CVE-2018-18375
Trust: 2.5
db:JVNDBid:JVNDB-2018-011373
Trust: 0.8
db:CNNVDid:CNNVD-201810-738
Trust: 0.7
db:VULHUBid:VHN-128928
Trust: 0.1
sources:
            
            
            VULHUB: VHN-128928 // 
            
            
            
            JVNDB: JVNDB-2018-011373 // 
            
            
            
            CNNVD: CNNVD-201810-738 // 
            
            
            
            NVD: CVE-2018-18375

REFERENCES
url:https://github.com/remix30303/airboxapnleaks
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18375
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-18375
Trust: 0.8
sources:
            
            
            VULHUB: VHN-128928 // 
            
            
            
            JVNDB: JVNDB-2018-011373 // 
            
            
            
            CNNVD: CNNVD-201810-738 // 
            
            
            
            NVD: CVE-2018-18375

SOURCES
db:VULHUBid:VHN-128928
db:JVNDBid:JVNDB-2018-011373
db:CNNVDid:CNNVD-201810-738
db:NVDid:CVE-2018-18375

LAST UPDATE DATE
2024-11-23T21:52:46.733000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-128928date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011373date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-738date:2019-10-23T00:00:00
db:NVDid:CVE-2018-18375date:2024-11-21T03:55:49.323

SOURCES RELEASE DATE
db:VULHUBid:VHN-128928date:2018-10-16T00:00:00
db:JVNDBid:JVNDB-2018-011373date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-738date:2018-10-17T00:00:00
db:NVDid:CVE-2018-18375date:2018-10-16T01:29:00.743