[INTERNET MODEM] An old security flaw in the Orange Livebox exploited

A security expert from Bad Packets has just alerted the French telecommunications operator Orange about the presence of an old security flaw affecting Liveboxes. Attackers have taken advantage of this flaw to conduct a major scanning campaign. 20,000 boxes would thus be vulnerable in France and Spain. This flaw would be related to a firmware that would leave an entry door on port 8080 to launch the get_getnetworkconf.cgi command and access the contents of this system file. Attackers could thus integrate the Wi-Fi network of a company or an individual, and bounce back on devices connected to the network (smartphones, computers, tablets, etc.).  This flaw can therefore be exploited to integrate the Livebox into an IoT botnet and launch DDoS attacks.