cvelistv5 - cve-2007-5383

CVE-2007-5383 (GCVE-0-2007-5383)

Vulnerability from cvelistv5 – Published: 2007-10-12 01:00 – Updated: 2024-08-07 15:31

Summary

The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.gnucitizen.org/blog/holes-in-embedded-…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/489009/100…	mailing-listx_refsource_BUGTRAQ
	http://www.gnucitizen.org/projects/router-hacking…	x_refsource_MISC
	http://securityreason.com/securityalert/3213	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/25972	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/481835/100…	mailing-listx_refsource_BUGTRAQ
	http://www.gnucitizen.org/blog/bt-home-flub-pwnin…	x_refsource_MISC
	http://www.theregister.co.uk/2007/10/09/bt_home_h…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:57.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
          },
          {
            "name": "20080301 The Router Hacking Challenge is Over!",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
          },
          {
            "name": "3213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3213"
          },
          {
            "name": "25972",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25972"
          },
          {
            "name": "bthomehub-cgib-auth-bypass(41271)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
          },
          {
            "name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
        },
        {
          "name": "20080301 The Router Hacking Challenge is Over!",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
        },
        {
          "name": "3213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3213"
        },
        {
          "name": "25972",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25972"
        },
        {
          "name": "bthomehub-cgib-auth-bypass(41271)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
        },
        {
          "name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5383",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
            },
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "3213",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3213"
            },
            {
              "name": "25972",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25972"
            },
            {
              "name": "bthomehub-cgib-auth-bypass(41271)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
            },
            {
              "name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
            },
            {
              "name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
            },
            {
              "name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
              "refsource": "MISC",
              "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5383",
    "datePublished": "2007-10-12T01:00:00",
    "dateReserved": "2007-10-11T00:00:00",
    "dateUpdated": "2024-08-07T15:31:57.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59E071E9-1B08-4BAE-B4E0-3653078ECE9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.2.6.b\", \"matchCriteriaId\": \"43343DF4-0554-4824-A165-317E3EF424DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \\\"double-slash auth bypass.\\\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.\"}, {\"lang\": \"es\", \"value\": \"El router Thomson/Alcatel SpeedTouch 7G, como es usado por el BT Home Hub versi\\u00f3n 6.2.6.B y anteriores, permite a atacantes remotos sobre una intranet  omitir la autenticaci\\u00f3n y conseguir acceso administrativo por medio de vectores que incluyen un car\\u00e1cter \u0027/\u0027 (barra diagonal) al final del PATH_INFO en cgi/b, tambi\\u00e9n se conoce como \\\"double-slash auth bypass\\\". NOTA: atacantes remotos fuera de la intranet pueden explotar esto aprovechando una vulnerabilidad de tipo CSRF separada. NOTA: SpeedTouch 780 tambi\\u00e9n podr\\u00eda estar afectado por algunos de estos problemas.\"}]",
      "id": "CVE-2007-5383",
      "lastModified": "2024-11-21T00:37:46.503",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-12T01:17:00.000",
      "references": "[{\"url\": \"http://securityreason.com/securityalert/3213\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481835/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489009/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25972\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41271\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/481835/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489009/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25972\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41271\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5383\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-12T01:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \\\"double-slash auth bypass.\\\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.\"},{\"lang\":\"es\",\"value\":\"El router Thomson/Alcatel SpeedTouch 7G, como es usado por el BT Home Hub versi\u00f3n 6.2.6.B y anteriores, permite a atacantes remotos sobre una intranet  omitir la autenticaci\u00f3n y conseguir acceso administrativo por medio de vectores que incluyen un car\u00e1cter \u0027/\u0027 (barra diagonal) al final del PATH_INFO en cgi/b, tambi\u00e9n se conoce como \\\"double-slash auth bypass\\\". NOTA: atacantes remotos fuera de la intranet pueden explotar esto aprovechando una vulnerabilidad de tipo CSRF separada. NOTA: SpeedTouch 780 tambi\u00e9n podr\u00eda estar afectado por algunos de estos problemas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E071E9-1B08-4BAE-B4E0-3653078ECE9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.2.6.b\",\"matchCriteriaId\":\"43343DF4-0554-4824-A165-317E3EF424DD\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/3213\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.gnucitizen.org/projects/router-hacking-challenge/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/481835/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489009/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25972\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41271\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.gnucitizen.org/projects/router-hacking-challenge/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/481835/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489009/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41271\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2007-5383

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5383

Aliases

CVE-2007-5383

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5383",
    "description": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.",
    "id": "GSD-2007-5383"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5383"
      ],
      "details": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.",
      "id": "GSD-2007-5383",
      "modified": "2023-12-13T01:21:41.282700Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5383",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
          },
          {
            "name": "20080301 The Router Hacking Challenge is Over!",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
          },
          {
            "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
          },
          {
            "name": "3213",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3213"
          },
          {
            "name": "25972",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25972"
          },
          {
            "name": "bthomehub-cgib-auth-bypass(41271)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
          },
          {
            "name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
          },
          {
            "name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
          },
          {
            "name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
            "refsource": "MISC",
            "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6.b",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5383"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
            },
            {
              "name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
            },
            {
              "name": "25972",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/25972"
            },
            {
              "name": "3213",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3213"
            },
            {
              "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
            },
            {
              "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "bthomehub-cgib-auth-bypass(41271)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
            },
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:44Z",
      "publishedDate": "2007-10-12T01:17Z"
    }
  }
}

GHSA-XF6W-J33H-544M

Vulnerability from github – Published: 2022-05-01 18:32 – Updated: 2025-04-09 03:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-12T01:17:00Z",
    "severity": "HIGH"
  },
  "details": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.",
  "id": "GHSA-xf6w-j33h-544m",
  "modified": "2025-04-09T03:47:15Z",
  "published": "2022-05-01T18:32:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5383"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3213"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25972"
    },
    {
      "type": "WEB",
      "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200710-0018

Vulnerability from variot - Updated: 2023-12-18 11:39

Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site footsteps, cross-site request spoofing, script injection attacks, or bypass certain security restrictions.

1) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes.

2) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user's browser session.

3) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user's browser session.

4) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user's browser session.

5) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed.

6) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication.

7) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. Successful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: '/' (slash) vectors are covered by CVE-2007-5383

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0018",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "home hub",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "bt",
        "version": "6.2.6.b"
      },
      {
        "model": "speedtouch 7g router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "alcatel",
        "version": "*"
      },
      {
        "model": "speedtouch 7g router",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "speedtouch 7g router",
        "scope": null,
        "trust": 0.6,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": "tg585 router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "thomson",
        "version": "0"
      },
      {
        "model": "home hub .b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "6.2.6"
      },
      {
        "model": "home hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "6.2.2.6"
      },
      {
        "model": "home hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "0"
      },
      {
        "model": "speedtouch 7g",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "db": "BID",
        "id": "25972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6.b",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adrian Pastor\u203b m123303@richmond.ac.uk",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-5383",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2007-5383",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-28745",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5383",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-197",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-28745",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues. BT Home Hub and Speedtouch 7G are both home wireless Internet routers. \n\n\u00a0Multiple security vulnerabilities exist in BT Home Hub and SpeedTouch 7G routers, allowing malicious users to perform cross-site footsteps, cross-site request spoofing, script injection attacks, or bypass certain security restrictions. \n\n\u00a01) Input validation errors when processing URLs may allow attackers to access and change password-protected resources, such as configuration and settings pages, through specially crafted URLs containing two slashes. \n\n\u00a02) Failure to perform proper filtering before recording the login user name may allow the injection of arbitrary HTML and script code. If the user browses the log, it will be executed in the user\u0027s browser session. \n\n\u00a03) As the input to the name parameter is not properly filtered, arbitrary HTML and script code may be executed in the user\u0027s browser session. \n\n\u00a04) Failure to properly filter the input of url parameters in the cgi / b / ic / connect / file may result in the execution of arbitrary HTML and script code in the user\u0027s browser session. \n\n\u00a05) The device does not perform validity checks on user requests, allowing users to perform certain operations through HTTP requests. If the logged-in administrator visits a malicious site, this may cause the administrator password to be changed. \n\n\u00a06) Users can directly access certain pages, such as the Wireless Security page, through the URL without authentication. \n\n\u00a07) The administrative user can save the backup or load the configuration file through the URL, and these files should only be accessed by the tech account. \nSuccessful exploits of many of these issues will allow an attacker to completely compromise the affected device. NOTE: \u0027/\u0027 (slash) vectors are covered by CVE-2007-5383",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "db": "BID",
        "id": "25972"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5383",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "25972",
        "trust": 2.0
      },
      {
        "db": "SREASON",
        "id": "3213",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2007-5927",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20071008 BT HOME FLUB: PWNIN THE BT HOME HUB",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "41271",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-28745",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "db": "BID",
        "id": "25972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "id": "VAR-200710-0018",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      }
    ],
    "trust": 0.975
  },
  "last_update_date": "2023-12-18T11:39:48.732000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.alcatel-lucent.com/alcatel/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.bt.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
      },
      {
        "trust": 2.0,
        "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/25972"
      },
      {
        "trust": 1.7,
        "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
      },
      {
        "trust": 1.7,
        "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/3213"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5383"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5383"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/41271"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/481835/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.homehub.bt.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.gnucitizen.org/blog/call-jacking"
      },
      {
        "trust": 0.3,
        "url": "http://www.thomson.net/en/home/minisites/bap/telecom/subcategory.html?category=dsl%20modems"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/481835"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/486081"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/517314"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "db": "BID",
        "id": "25972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "db": "BID",
        "id": "25972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "date": "2007-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "date": "2007-10-08T00:00:00",
        "db": "BID",
        "id": "25972"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "date": "2007-10-12T01:17:00",
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "date": "2007-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2007-5927"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-28745"
      },
      {
        "date": "2011-04-04T20:05:00",
        "db": "BID",
        "id": "25972"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      },
      {
        "date": "2018-10-15T21:44:13.623000",
        "db": "NVD",
        "id": "CVE-2007-5383"
      },
      {
        "date": "2007-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BT Home Hub Used in  Thomson/Alcatel SpeedTouch 7G Vulnerability to gain administrator access on router",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002762"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-197"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2007-5383

Vulnerability from fkie_nvd - Published: 2007-10-12 01:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securityreason.com/securityalert/3213
cve@mitre.org	http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
cve@mitre.org	http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/	Exploit
cve@mitre.org	http://www.gnucitizen.org/projects/router-hacking-challenge/
cve@mitre.org	http://www.securityfocus.com/archive/1/481835/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/489009/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/25972	Exploit
cve@mitre.org	http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41271
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3213
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/projects/router-hacking-challenge/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/481835/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489009/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25972	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41271

Impacted products

	Vendor	Product	Version
	alcatel	speedtouch_7g_router	*
	bt	home_hub	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:alcatel:speedtouch_7g_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59E071E9-1B08-4BAE-B4E0-3653078ECE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:bt:home_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43343DF4-0554-4824-A165-317E3EF424DD",
              "versionEndIncluding": "6.2.6.b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
    },
    {
      "lang": "es",
      "value": "El router Thomson/Alcatel SpeedTouch 7G, como es usado por el BT Home Hub versi\u00f3n 6.2.6.B y anteriores, permite a atacantes remotos sobre una intranet  omitir la autenticaci\u00f3n y conseguir acceso administrativo por medio de vectores que incluyen un car\u00e1cter \u0027/\u0027 (barra diagonal) al final del PATH_INFO en cgi/b, tambi\u00e9n se conoce como \"double-slash auth bypass\". NOTA: atacantes remotos fuera de la intranet pueden explotar esto aprovechando una vulnerabilidad de tipo CSRF separada. NOTA: SpeedTouch 780 tambi\u00e9n podr\u00eda estar afectado por algunos de estos problemas."
    }
  ],
  "id": "CVE-2007-5383",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-12T01:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3213"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25972"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5383 (GCVE-0-2007-5383)

GSD-2007-5383

GHSA-XF6W-J33H-544M

VAR-200710-0018

FKIE_CVE-2007-5383

Tags

Sightings

Nomenclature