CVE-2018-18377

HIGH

Orange AirBox Y858_FL_01.16_04 - Unauthenticated Factory Reset via goform/setReset

Title source: llm
STIX 2.1

Description

goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.

References (1)

Core 1
Core References
Exploit, Technical Description x_refsource_misc
https://github.com/remix30303/AirBoxDoom

Scores

CVSS v3 7.5
EPSS 0.0092
EPSS Percentile 55.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-862
Status published
Products (1)
orange/airbox_firmware y858_fl_01.16_04
Published Oct 16, 2018
Tracked Since Feb 18, 2026