CVE-2018-20577

Name of the Vulnerable Software and Affected Versions Orange Livebox 00.96.320S devices

Description The issue is related to several CGI binaries, including cgi-bin/restore.exe, cgi-bin/firewall SPI.exe, cgi-bin/setup remote mgmt.exe, cgi-bin/setup pass.exe, and cgi-bin/upgradep.exe, which are vulnerable to CSRF attacks. This issue is associated with specific firmware, boot, modem, and hardware versions.

Recommendations For Orange Livebox 00.96.320S devices, as a temporary workaround, consider restricting access to the vulnerable CGI binaries until a patch is available. Avoid using these binaries in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.