CSRF Vulnerability in Orange Livebox 00.96.320S Devices Allows Arbitrary Outbound Telephone Calls

CSRF Vulnerability in Orange Livebox 00.96.320S Devices Allows Arbitrary Outbound Telephone Calls

CVE-2018-20576 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Learn more about our Web Application Penetration Testing UK.