Information Disclosure in Orange AirBox Y858_FL_01.16_04: Remote Discovery of Connected Devices

Information Disclosure in Orange AirBox Y858_FL_01.16_04: Remote Discovery of Connected Devices

CVE-2018-18376 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

Learn more about our Web Application Penetration Testing UK.