CVE-2007-5383 - OpenCVE

The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Bt	Home Hub
Alcatel	Speedtouch 7g Router

Configuration 1 [-]

OR	cpe:2.3:h:alcatel:speedtouch_7g_router::::::::
	cpe:2.3:h:bt:home_hub::::::::

References

Link	Resource
http://securityreason.com/securityalert/3213
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/	Exploit
http://www.gnucitizen.org/projects/router-hacking-challenge/
http://www.securityfocus.com/archive/1/481835/100/0/threaded
http://www.securityfocus.com/archive/1/489009/100/0/threaded
http://www.securityfocus.com/bid/25972	Exploit
http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/
https://exchange.xforce.ibmcloud.com/vulnerabilities/41271

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-12T01:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-10-11T00:00:00

Link: CVE-2007-5383

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-12T01:17:00.000

Modified: 2018-10-15T21:44:13.623

Link: CVE-2007-5383

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"}, {"name": "20080301 The Router Hacking Challenge is Over!", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "3213", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3213"}, {"name": "25972", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25972"}, {"name": "bthomehub-cgib-auth-bypass(41271)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"}, {"name": "20071008 BT Home Flub: Pwnin the BT Home Hub", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"}, {"tags": ["x_refsource_MISC"], "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5383", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"}, {"name": "20080301 The Router Hacking Challenge is Over!", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/", "refsource": "MISC", "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"name": "3213", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3213"}, {"name": "25972", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25972"}, {"name": "bthomehub-cgib-auth-bypass(41271)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"}, {"name": "20071008 BT Home Flub: Pwnin the BT Home Hub", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"}, {"name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub", "refsource": "MISC", "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"}, {"name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/", "refsource": "MISC", "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5383", "datePublished": "2007-10-12T01:00:00", "dateReserved": "2007-10-11T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "59E071E9-1B08-4BAE-B4E0-3653078ECE9E", "vulnerable": true}, {"criteria": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*", "matchCriteriaId": "43343DF4-0554-4824-A165-317E3EF424DD", "versionEndIncluding": "6.2.6.b", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."}, {"lang": "es", "value": "El router Thomson/Alcatel SpeedTouch 7G, como es usado por el BT Home Hub versi\u00f3n 6.2.6.B y anteriores, permite a atacantes remotos sobre una intranet omitir la autenticaci\u00f3n y conseguir acceso administrativo por medio de vectores que incluyen un car\u00e1cter '/' (barra diagonal) al final del PATH_INFO en cgi/b, tambi\u00e9n se conoce como \"double-slash auth bypass\". NOTA: atacantes remotos fuera de la intranet pueden explotar esto aprovechando una vulnerabilidad de tipo CSRF separada. NOTA: SpeedTouch 780 tambi\u00e9n podr\u00eda estar afectado por algunos de estos problemas."}], "id": "CVE-2007-5383", "lastModified": "2018-10-15T21:44:13.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-12T01:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3213"}, {"source": "cve@mitre.org", "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"}, {"source": "cve@mitre.org", "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25972"}, {"source": "cve@mitre.org", "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}