Orange · Orange Livebox · CVE-2018-20377
**Name of the Vulnerable Software and Affected Versions**
Orange Livebox version 00.96.320S
**Description**
The issue is caused by an error in handling registration data in the get_getnetworkconf.cgi script of the wireless router's firmware. It can allow a remote attacker to access protected information over HTTP. The vulnerability can be exploited to discover Wi-Fi credentials via the "/get_getnetworkconf.cgi" API endpoint on port 8080, potentially leading to full control if the admin password is the same as the Wi-Fi password or has the default admin value.
**Recommendations**
For Orange Livebox version 00.96.320S, consider restricting access to the "/get_getnetworkconf.cgi" API endpoint on port 8080 to minimize the risk of exploitation. Additionally, ensure that the admin password is different from the Wi-Fi password and is not set to the default admin value. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
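To confirm that the access restriction holds, requests for the endpoint can be looked for in proxy or gateway logs. The following is an added example, not part of the advisory or of any vendor tooling: it assumes a simple log format, the listed private ranges as the local network, and the endpoint path spelled as in the CVE entry; the sample lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

ENDPOINT = "/get_getnetworkconf.cgi"  # path as recorded in the CVE entry
PORT = 8080
# Assumption: addresses in these ranges belong to the local network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed log format: src dst:port "METHOD target HTTP/x.y" status
LINE_RE = re.compile(r'^(?P<src>\S+) (?P<dst>\S+):(?P<port>\d+) '
                     r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 198.51.100.20:8080 "GET /get_getnetworkconf.cgi HTTP/1.1" 200
203.0.113.9 198.51.100.20:8080 "GET //%67et_getnetworkconf.cgi?x=1 HTTP/1.1" 403
192.168.1.23 192.168.1.1:8080 "GET /get_getnetworkconf.cgi HTTP/1.1" 200
203.0.113.7 198.51.100.20:80 "GET /get_getnetworkconf.cgi HTTP/1.1" 404
"""

def normalize_path(target):
    # Canonicalize before comparing so encoded or padded paths still match.
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    return posixpath.normpath(path).lower()   # resolve ./ and ../, fold case

def classify(line):
    # Returns (src, dst, verdict) for a request to the endpoint, else None.
    m = LINE_RE.match(line.strip())
    if not m or int(m["port"]) != PORT:
        return None
    if normalize_path(m["target"]) != ENDPOINT:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    if any(src in net for net in INTERNAL):
        verdict = "internal"
    elif m["status"] == "200":
        verdict = "external-answered"   # endpoint replied to an outside host
    else:
        verdict = "external-refused"
    return (m["src"], m["dst"], verdict)

def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]
```

Any `external-answered` finding means the restriction is not in effect for that device, and its Wi-Fi and admin passwords should be changed.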