Freebox
Products
6- 5 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24377 | Cri | 0.62 | 9.6 | 0.01 | Sep 16, 2020 | A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. | ||
| CVE-2020-24376 | Cri | 0.62 | 9.6 | 0.01 | Sep 16, 2020 | A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. | ||
| CVE-2020-24374 | Cri | 0.62 | 9.6 | 0.01 | Sep 16, 2020 | A DNS rebinding vulnerability in Freebox v5 before 1.5.29. | ||
| CVE-2020-24373 | Hig | 0.57 | 8.8 | 0.01 | Sep 16, 2020 | A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | ||
| CVE-2020-24375 | Med | 0.42 | 6.5 | 0.01 | Oct 19, 2020 | A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | ||
| CVE-2014-9382 | Med | 0.42 | 6.5 | 0.01 | Jan 13, 2020 | Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation | ||
| CVE-2014-9405 | Med | 0.35 | 5.4 | 0.02 | Jan 6, 2020 | A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code. | ||
| CVE-2025-63292 | 0.00 | — | 0.00 | Nov 17, 2025 | Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the… | |||
| CVE-2007-2652 | 0.00 | — | 0.03 | May 14, 2007 | Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f)… |
- risk 0.62cvss 9.6epss 0.01
A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.
- risk 0.62cvss 9.6epss 0.01
A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3.
- risk 0.62cvss 9.6epss 0.01
A DNS rebinding vulnerability in Freebox v5 before 1.5.29.
- risk 0.57cvss 8.8epss 0.01
A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
- risk 0.42cvss 6.5epss 0.01
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
- risk 0.42cvss 6.5epss 0.01
Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation
- risk 0.35cvss 5.4epss 0.02
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
- CVE-2025-63292Nov 17, 2025risk 0.00cvss —epss 0.00
Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the…
- CVE-2007-2652May 14, 2007risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f)…