Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcadyan vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-9419
Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote malicious users to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboar...
Arcadyan Vrv9506jac23 Firmware -
NA
CVE-2020-9420
The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an malicious user to sniff and intercept traffic to learn the administrative credentials to the router.
Arcadyan Vrv9506jac23 Firmware -
445
VMScore
CVE-2016-10042
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.
Arcadyan Swisscom Internet-box Firmware -
445
VMScore
CVE-2018-20575
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
NA
CVE-2023-43478
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated malicious users to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultima...
Telstra Arcadyan Lh1000 Firmware
837
VMScore
CVE-2018-20577
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcad...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
NA
CVE-2023-43477
The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated malicious user to achieve command injectio...
Telstra Arcadyan Lh1000 Firmware
516
VMScore
CVE-2018-20576
Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware ...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.320s
801
VMScore
CVE-2021-38703
Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execu...
Kpn Experia Wifi Firmware 1.00.15
891
VMScore
CVE-2018-20377
Orange Livebox 00.96.320S devices allow remote malicious users to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11...
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.217
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.321s
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.00.96.609es
Orange Arv7519rw22 Livebox 2.1 Firmware 00.96.00.96.613
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started