CVE-2018-20575

Name of the Vulnerable Software and Affected Versions Orange Livebox versions 00.96.320S

Description The issue is related to an undocumented API endpoint "/system firmwarel.stm" for manual firmware updates. This affects devices with specific firmware, boot, modem, and hardware versions, including Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

Recommendations For Orange Livebox version 00.96.320S, consider restricting access to the undocumented "/system firmwarel.stm" URI to prevent potential exploitation.