CVE-2018-20576
Status: Analyzed
Last modified:
23-01-2019
Published:
28-12-2018
5.4
SUMMARY CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
Access CVSS3 CVE-2018-20576
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | NETWORK | NONE | UNCHANGED | REQUIRED |
Impact CVSS3 CVE-2018-20576
Confidentiality | Integrity | Availability |
---|---|---|
LOW | LOW | NONE |
Details CVE-2018-20576
EPSS | 0.00086 |
---|---|
EPSS % | 0.37332 |
References | |
CWE | CWE-352 |
CAPEC |
|
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |