Sign-up

ID

VAR-201810-0700


CVE

CVE-2018-18376


TITLE

Orange AirBox Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011374

DESCRIPTION

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter. Orange AirBox Contains an information disclosure vulnerability.Information may be obtained. OrangeAirBox is a portable wireless router product from Orange, Luxembourg. There is a security vulnerability in goform/getWlanClientInfo in the OrangeAirBoxY858_FL_01.16_04 release

Trust: 2.25

sources: NVD: CVE-2018-18376 // JVNDB: JVNDB-2018-011374 // CNVD: CNVD-2018-21605 // VULHUB: VHN-128929

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-21605

AFFECTED PRODUCTS

vendor:orangemodel:airboxscope:eqversion:y858_fl_01.16_04

Trust: 2.4

vendor:orangemodel:airbox y858 fl 01.16 04scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-21605 // JVNDB: JVNDB-2018-011374 // CNNVD: CNNVD-201810-739 // NVD: CVE-2018-18376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18376
value: HIGH

Trust: 1.0

NVD: CVE-2018-18376
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-21605
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-739
value: MEDIUM

Trust: 0.6

VULHUB: VHN-128929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-21605
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-128929
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18376
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-21605 // VULHUB: VHN-128929 // JVNDB: JVNDB-2018-011374 // CNNVD: CNNVD-201810-739 // NVD: CVE-2018-18376

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-128929 // JVNDB: JVNDB-2018-011374 // NVD: CVE-2018-18376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-739

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-739

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011374

PATCH
title:Top Pageurl:https://www.orange.fr/portail
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011374

EXTERNAL IDS
db:NVDid:CVE-2018-18376
Trust: 3.1
db:JVNDBid:JVNDB-2018-011374
Trust: 0.8
db:CNNVDid:CNNVD-201810-739
Trust: 0.7
db:CNVDid:CNVD-2018-21605
Trust: 0.6
db:VULHUBid:VHN-128929
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-21605 // 
            
            
            
            VULHUB: VHN-128929 // 
            
            
            
            JVNDB: JVNDB-2018-011374 // 
            
            
            
            CNNVD: CNNVD-201810-739 // 
            
            
            
            NVD: CVE-2018-18376

REFERENCES
url:https://github.com/remix30303/airboxleak
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2018-18376
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18376
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-21605 // 
            
            
            
            VULHUB: VHN-128929 // 
            
            
            
            JVNDB: JVNDB-2018-011374 // 
            
            
            
            CNNVD: CNNVD-201810-739 // 
            
            
            
            NVD: CVE-2018-18376

SOURCES
db:CNVDid:CNVD-2018-21605
db:VULHUBid:VHN-128929
db:JVNDBid:JVNDB-2018-011374
db:CNNVDid:CNNVD-201810-739
db:NVDid:CVE-2018-18376

LAST UPDATE DATE
2024-11-23T23:04:57.188000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-21605date:2018-10-24T00:00:00
db:VULHUBid:VHN-128929date:2018-12-06T00:00:00
db:JVNDBid:JVNDB-2018-011374date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-739date:2018-10-17T00:00:00
db:NVDid:CVE-2018-18376date:2024-11-21T03:55:49.477

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-21605date:2018-10-24T00:00:00
db:VULHUBid:VHN-128929date:2018-10-16T00:00:00
db:JVNDBid:JVNDB-2018-011374date:2019-01-11T00:00:00
db:CNNVDid:CNNVD-201810-739date:2018-10-17T00:00:00
db:NVDid:CVE-2018-18376date:2018-10-16T01:29:00.853