VYPR
Vendor

Arcadyan

Products
11
CVEs
13
Across products
14
Status
Private

Products

11

Recent CVEs

13
  • CVE-2018-20377CriDec 23, 2018
    risk 0.64cvss 9.8epss 0.08

    Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware…

  • CVE-2023-43478HigSep 20, 2023
    risk 0.59cvss 8.8epss 0.17

    fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately…

  • CVE-2018-20577CriDec 28, 2018
    risk 0.59cvss 9.1epss 0.01

    Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and…

  • CVE-2021-38703HigSep 1, 2021
    risk 0.58cvss 8.8epss 0.04

    Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code…

  • CVE-2024-53561HigJan 14, 2025
    risk 0.57cvss 8.7epss 0.01

    A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request.

  • CVE-2024-41992HigNov 11, 2024
    risk 0.57cvss 8.8epss 0.03

    Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP…

  • CVE-2018-20575HigDec 28, 2018
    risk 0.49cvss 7.5epss 0.01

    Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.

  • CVE-2016-10042HigJun 29, 2017
    risk 0.49cvss 7.5epss 0.01

    Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.

  • CVE-2024-57725MedFeb 14, 2025
    risk 0.43cvss 6.5epss 0.06

    An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

  • CVE-2020-9420MedDec 14, 2022
    risk 0.42cvss 6.5epss 0.00

    The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router.

  • CVE-2024-53563MedJan 14, 2025
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

  • CVE-2020-9419MedDec 14, 2022
    risk 0.35cvss 5.4epss 0.00

    Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domain_name parameters present in the LAN configuration section of the administrative dashboard.

  • CVE-2018-20576MedDec 28, 2018
    risk 0.35cvss 5.4epss 0.00

    Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware…