Vulnerability CVE-2007-5383


Published: 2007-10-11   Modified: 2012-02-12

Description:
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
BT Home Flub: Pwnin the BT Home Hub
Adrian P
12.10.2007

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
BT -> Home hub 
Alcatel -> Speedtouch 7g router 

 References:
http://securityreason.com/securityalert/3213
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.securityfocus.com/archive/1/481835/100/0/threaded
http://www.securityfocus.com/archive/1/489009/100/0/threaded
http://www.securityfocus.com/bid/25972
http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/
https://exchange.xforce.ibmcloud.com/vulnerabilities/41271

Copyright 2024, cxsecurity.com

 

Back to Top