A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. Honeypot systems at detected a scan that targeted the devices from Orange. Looking into the potential gain an attacker could have from this, company co-founder Troy Mursch discovered they were leaking the local network access details.
Using Shodan to get a list of LiveBox systems visible on the internet, Mursch found that 19,490 of them exposed the info in plain text via a GET request for /getgetnetworkconf.cgi. In a, Mursch says that owners of many of the vulnerable Orange boxes used the same password to restrict access to both the configuration panel of the device and the wireless network. He also noticed heavy use of the default credentials - admin/admin.
[Livebox] —- wireless —- [WRT54GL] — ethernet — [PC] So, I am not extending the wireless range of my Livebox. Rather, I’m using the WRT54GL as a bridge. I could have used a USB dongle on the PC to connect to the Livebox but I decided against it as I run Linux and I rather have an ethernet connection than having to mingle with a USB.
This is valuable information for an attacker looking to compromise the device remotely, or for impersonation attacks, especially since the modem comes with VoIP support. Credit: Troy Mursch Several vulnerabilities affecting Orange LiveBox modems are, some of them accompanied by exploit code that demonstrates them. According to Mursch, most of the vulnerable devices were located in the Orange Espana (AS12479) network, and the initial scan source was an IP address from a Telefonica Spain customer. 'While we can only guess what the motive was behind these scans, it’s interesting to find the source is physically closer to the affected Livebox ADSL modems than say a threat actor in another country. This could allow them to connect to the WiFi network (SSID) if they were near one of the modems indexed by their scans,' the researcher notes.
This information leak flaw, now identified as is not unknown in the technical world. It has been described in a by Rick Murray and in 2015 in an.
Orange Espana, Orange-CERT and CERT Spain have been notified to deploy mitigation procedures.