A failure in the orange livebox router allows you to steal your password

The Orange Liveboxes are the ADSL and fiber routers that the operator uses in Spain. Livebox 2.1 is the most widely used fiber and is the victim of a major security breach, affecting some 19, 500 units across the country. These models were exposed to a failure and leaked information such as its password or SSID. Something a security investigator discovered this weekend.

A failure in the Orange Livebox routers allows you to steal your password

Apparently, the attacker takes advantage of a vulnerability identified as CVE-2018-20377, which allows obtaining this password and the SSID of the internal network by accessing get_getnetworkconf.cgi.

Security flaw in the Orange Livebox routers

Without a doubt, it is a huge problem for these Orange routers. The fact that an attacker has the password of a WiFi network is something that can pose a great danger. Since it can get to have access to the network locally if it is located near where we are. Something that is especially relevant in the case of companies, which also have these Livebox routers in Spain.

The vast majority of those affected are in the Orange network in Spain. As it has been discovered, the attacker who is carrying out these actions is within the operator's network. The company has confirmed being aware of the problem.

They are currently looking for solutions to it. The affected models, as they have already confirmed, are the LIVEBOX ARV7519RW22-A-LT VR9 1.2 from Arcadyan. So it is advisable to take precautions if you have any of these models. Meanwhile, the operator promises to have a solution soon. We hope to have more data soon.

Badpacks font