. https://www.zdnet.com/article/over-19000-orange-modems-are-leaking-wifi-credentials/
blog article
Over the weekend, a security researcher has discovered that nearly 19,500 Orange Livebox ADSL modems are leaking WiFi credentials. Troy Mursch, co-founder of Bad Packets LLC, says his company's honeypots have detected at least one threat actor scanning heavily for Orange modems. Scans started Friday, December 21, Mursch said. The attacker is exploiting a vulnerability affecting Orange LiveBox devices (CVE-2018-20377) that was first described in 2012. The vulnerability allows a remote attacker to obtain the WiFi password and network ID (SSID) for the modem's internal WiFi network just by accessing the modem's get_getnetworkconf.cgi. WHY THIS IS A VERY DANGEROUS FLAW This can be dangerous in a variety of ways. First, it's dangerous because an attacker can use these details for on-location proximity hacks. Services like WiGLE allow an attacker to get the exact geographical coordinates of a WiFi network based only on its SSID. Since the Orange modem also leaks the WiFi password, an attacker can travel to a suspected high-value target, such as a company or expensive home, and use the password to gain access to a victim's network and launch attacks on other nearby devices. CATALIN CIMPANU READ MORE