Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcadyan vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-9419
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote malicious users to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboar...
Arcadyan Vrv9506jac23 Firmware -
6.5
CVSSv3
CVE-2020-9420
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an malicious user to sniff and intercept traffic to learn the administrative credentials to the router.
Arcadyan Vrv9506jac23 Firmware -
7.5
CVSSv3
CVE-2016-10042
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.
Arcadyan Swisscom Internet-box Firmware -
7.5
CVSSv3
CVE-2018-20575
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
9.8
CVSSv3
CVE-2023-43478
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated malicious users to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultima...
Telstra Arcadyan Lh1000 Firmware
9.1
CVSSv3
CVE-2018-20577
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcad...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
8.8
CVSSv3
CVE-2023-43477
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated malicious user to achieve command injectio...
Telstra Arcadyan Lh1000 Firmware
5.4
CVSSv3
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware ...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
8.8
CVSSv3
CVE-2021-38703
Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execu...
Kpn Experia Wifi Firmware 1.00.15
9.8
CVSSv3
CVE-2018-20377
Orange Livebox 00.96.320S devices allow remote malicious users to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.217
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.321s
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.00.96.609es
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.00.96.613
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started