Over 19K Orange Livebox Modems Open to Attack [CVE-2018-20377]

Poorly secured Orange Livebox ADSL modems allows remote, unauthenticated users to obtain the device’s SSID and WiFi password with a simple GET request.

In a query to the Shodan internet of things search engine, 19,490 Orange Livebox modems were found to be leaking their WiFi credentials in plaintext. 

This allows allow any remote user to easily access the device and maliciously modify the device settings or firmware. In addition, they can obtain the phone number tied to the modem and conduct other serious exploits.

As discussed here it would be possible for the victim to visit a malicious site, it will create an autodialing profile on the victim’s modem, and activate the Line Test feature. No interaction needed. The phone will ring, and when the call is answered the autodialing feature will call the attacker’s number.

Affected Models

Orange Livebox Arcadyan ARV7519 modem firmware versions,, 00.96.321S and 00.96.217 are affected by the flaw.

These versions are not and are vulnerable to CVE-2018-20377:

Further details – https://threatpost.com/19k-orange-livebox-modems-open-to-attack/140376/

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: