CVE-2018-18375

9.8 CRITICAL

📋 TL;DR

This vulnerability in Orange AirBox routers allows attackers to extract sensitive APN configuration data including names, numbers, usernames, and passwords via an unauthenticated web request. Attackers can exploit this to steal credentials and potentially compromise mobile network access. Users of Orange AirBox Y858_FL_01.16_04 routers are affected.

💻 Affected Systems

Products:
  • Orange AirBox Y858_FL
Versions: 01.16_04
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific firmware version mentioned; other versions may also be vulnerable but unconfirmed.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers steal APN credentials, gain unauthorized access to mobile networks, intercept communications, and potentially pivot to other network resources.

🟠 Likely Case: Attackers extract APN credentials and use them for unauthorized mobile data access or credential reuse attacks against other systems.

🟢 If Mitigated: With proper network segmentation and access controls, impact is limited to credential exposure without lateral movement opportunities.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making internet-exposed devices immediately vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems can exploit this to steal credentials and potentially pivot externally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A simple HTTP GET request to /goform/getProfileList with a rand parameter triggers the leak. Public proof-of-concept code exists on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Check Orange vendor website for firmware updates or contact Orange support for patching guidance.

🔧 Temporary Workarounds

Block Web Interface Access

Platform: linux

Restrict access to the router's web management interface using firewall rules

  # Drop inbound connections to the HTTP and HTTPS management ports
  iptables -A INPUT -p tcp --dport 80 -j DROP
  iptables -A INPUT -p tcp --dport 443 -j DROP

Disable Remote Management

Platform: all

Turn off remote management/administration features in router settings

🧯 If You Can't Patch

  • Segment affected routers on isolated network segments to limit lateral movement
  • Monitor for unusual outbound connections or credential usage from affected devices

🔍 How to Verify

Check if Vulnerable:

Send an HTTP GET request to http://[router-ip]/goform/getProfileList?rand=test and check whether APN data is returned in the response

Check Version:

Check the router web interface, or use nmap -sV [router-ip], to identify the firmware version

Verify Fix Applied:

After applying workarounds, verify the endpoint no longer returns APN data or is inaccessible

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /goform/getProfileList with rand parameter
  • Unusual access to router management interface

Network Indicators:

  • HTTP GET requests to router IP on port 80/443 with specific parameter patterns
  • Outbound connections using extracted APN credentials

SIEM Query:

source="router_logs" AND uri="/goform/getProfileList" AND query_string="*rand=*"
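The SIEM query above only matches requests that carry the rand parameter. The following added example (not part of this advisory or of any vendor tooling) applies the same indicator to web-server access logs offline: it parses Common Log Format lines, reports every request to /goform/getProfileList, and marks whether the rand parameter was present and whether the server answered 200, so a reviewer can see which requests most likely returned profile data. The log lines are constructed sample input, and the log format, the source addresses and the timestamps are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in Common Log Format (not real router logs).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /goform/getProfileList?rand=0.1234 HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /goform/getProfileList HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:58:40 +0000] "POST /goform/login HTTP/1.1" 302 0
"""

# Assumed Common Log Format: client, ident, user, [timestamp], "request line", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoint named in the advisory.
VULN_PATH = "/goform/getProfileList"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return a finding for a request to the vulnerable endpoint, else None."""
    if rec["path"] != VULN_PATH:
        return None
    rand_present = "rand" in rec["query"]
    return {
        "src": rec["src"],
        "ts": rec["ts"],
        "status": rec["status"],
        # Matches the advisory's SIEM query (path plus rand parameter).
        "rand_present": rand_present,
        # A 200 response suggests the device actually served profile data.
        "likely_leak": rand_present and rec["status"] == 200,
    }


def scan(log_text):
    """Scan raw log text and return the list of findings in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify(rec)
        if finding is not None:
            findings.append(finding)
    return findings


def sources_with_likely_leak(findings):
    """Distinct client addresses whose requests most likely retrieved APN data."""
    return sorted({f["src"] for f in findings if f["likely_leak"]})


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f)
    print("likely leak from:", sources_with_likely_leak(results))
```

Requests to the endpoint without the rand parameter are still reported (with rand_present set to False) so that they are not lost when the SIEM query is tuned too narrowly; the likely_leak flag is what the advisory's own indicator corresponds to.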

🔗 References
