A flaw in Orange Livebox ADSL modems allows remote, unauthenticated users to obtain the device s SSID and WiFi password with a simple GET request. Bad Packets honeypots observed a GET request scan right before Christmas targeting the modems. The modems are used to provide home internet service by Orange Espana in Spain. Many of these are using the same password to administer the device (password reuse); and, more than a handful are using factory default passwords.
Source: https://threatpost.com/19k-orange-livebox-modems-open-to-attack/140376/