CVE-2018-18377 - OpenCVE

goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Orange	Airbox Airbox Firmware

Configuration 1 [-]

AND

cpe:2.3:o:orange:airbox_firmware:y858_fl_01.16_04:*:*:*:*:*:*:*

cpe:2.3:h:orange:airbox:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/remix30303/AirBoxDoom	Exploit Technical Description

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:03

Updated: 2022-10-03T16:22:03

Reserved: 2022-10-03T00:00:00

Link: CVE-2018-18377

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-16T01:29:00.993

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-18377

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:orange:airbox_firmware:y858_fl_01.16_04:*:*:*:*:*:*:*", "matchCriteriaId": "11AA7E57-D0C3-4162-9D3B-90D19D362393", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:orange:airbox:-:*:*:*:*:*:*:*", "matchCriteriaId": "00D35101-3661-4102-AE0B-AD30163B54BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials."}, {"lang": "es", "value": "goform/setReset en Orange AirBox Y858_FL_01.16_04 permite que los atacantes restablezcan un router a sus ajustes de f\u00e1brica, lo que puede emplearse para iniciar sesi\u00f3n mediante las credenciales admin:admin por defecto."}], "id": "CVE-2018-18377", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-16T01:29:00.993", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description"], "url": "https://github.com/remix30303/AirBoxDoom"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}