CVE-2024-57725

MEDIUM

Arcadyan Livebox Fibra PRV3399B_B_LT - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57725. PoCs published by pointedsec.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2024-57725, an unauthenticated GPON link manipulation vulnerability in Arcadyan routers distributed by Orange and Jazztel. The exploit allows extraction and modification of the GPON password via unauthenticated endpoints, leading to information disclosure and DoS.

Description

An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

Exploits (1)

nomisec WORKING POC 1 stars
by pointedsec · poc
https://github.com/pointedsec/CVE-2024-57725

This repository contains a working PoC for CVE-2024-57725, an unauthenticated GPON link manipulation vulnerability in Arcadyan routers distributed by Orange and Jazztel. The exploit allows extraction and modification of the GPON password via unauthenticated endpoints, leading to information disclosure and DoS.

Classification
Working Poc 95%
Attack Type
Info Leak | Dos
Complexity
Trivial
Reliability
Reliable
Target: Arcadyan routers (PRV3399B_B_LT) distributed by Orange and Jazztel
No auth needed
Prerequisites: Local network access or exposed router authentication panel
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0581
EPSS Percentile 92.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-306
Status published
Published Feb 14, 2025
Tracked Since Feb 18, 2026