Details of VAR-200805-0386

ID

VAR-200805-0386

TITLE

BT Home Hub Administrator Password Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2008-2629

DESCRIPTION

BT Home Hub is a wireless Internet router for home use. The latest firmware version of BT Home Hub adds a new security feature that allows the default administrator password to be changed from admin to the serial number of the router, but as long as the MDAP multicast request is sent to the network where the router is located, the Home Hub sequence can be obtained. number. To exploit this vulnerability, an attacker must join the LAN where the Home Hub is located via ethernet or Wi-Fi. There are two ways to hack into the BT Home Hub Wi-Fi network: - arp playback injection and weak IV cracking - guess the Home Hub's default WEP key list by SSID violence. Exploiting this issue can allow an unauthenticated remote attacker to harvest the administrator password of the device. This can facilitate the complete compromise of the device and may aid in launching further attacks on computers routed through the device. This issue affects Home Hub firmware 6.2.6.E

Trust: 0.81

sources: CNVD: CNVD-2008-2629 // BID: 29387

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2008-2629

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	bt	model:	home hub .e	scope:	eq	version:	6.2.6	Trust: 0.3

sources: CNVD: CNVD-2008-2629 // BID: 29387

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2008-2629
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2008-2629
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2008-2629

THREAT TYPE

network

Trust: 0.3

sources: BID: 29387

TYPE

Design Error

Trust: 0.3

sources: BID: 29387

EXTERNAL IDS

db:	BID	id:	29387	Trust: 0.9
db:	CNVD	id:	CNVD-2008-2629	Trust: 0.6

sources: CNVD: CNVD-2008-2629 // BID: 29387

REFERENCES

url:	http://www.productsandservices.bt.com/consumerproducts/displaytopic.do?topicid=16536	Trust: 0.3
url:	http://www.gnucitizen.org/blog/dumping-the-admin-password-of-the-bt-home-hub/#comment-122272	Trust: 0.3
url:	http://www.gnucitizen.org/blog/dumping-the-admin-password-of-the-bt-home-hub-pt-2/	Trust: 0.3
url:	/archive/1/492642	Trust: 0.3

sources: BID: 29387

CREDITS

Adrian Pastor from GNUCITIZEN

Trust: 0.3

sources: BID: 29387

SOURCES

db:	CNVD	id:	CNVD-2008-2629
db:	BID	id:	29387

LAST UPDATE DATE

2022-05-17T01:44:21.051000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2008-2629	date:	2014-01-27T00:00:00
db:	BID	id:	29387	date:	2008-05-27T18:53:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2008-2629	date:	2008-05-27T00:00:00
db:	BID	id:	29387	date:	2008-05-27T00:00:00