24 Dec Thousands of Orange Modems Caught Leaking WiFi Credentials
Bad Packets LLC co-founder Troy Mursch said this week that his company’s honeypots have caught an attacker scanning for Orange modems to exploit a vulnerability affecting Orange LiveBox devices.
The bug, CVE-2018-20377, allows a remote attacker to obtain the WiFi password and SSID of Orange LiveBoxes internal WiFi network via the modem’s get_getnetworkconf.cgi. The flaw is particularly dangerous since it can be used to build online botnets and on-location proximity hacks.
Mursch also said in a security advisory published by his company that an attacker can obtain the phone number tied to the modem and conduct other serious exploits.