Details of VAR-201301-0543

ID

VAR-201301-0543

TITLE

BT Home Hub 'uuid' Field Buffer Overflow Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-00577 // BID: 57243

DESCRIPTION

BT Home Hub is a wireless Internet router for home use. A buffer overflow vulnerability exists in BT Home Hub. A sufficient boundary check was not performed due to the data provided to the user. An attacker can exploit the vulnerability to escalate permissions and execute arbitrary code with root privileges, which can cause the affected application to crash. BT Home Hub is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely crash the affected application

Trust: 0.81

sources: CNVD: CNVD-2013-00577 // BID: 57243

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-00577

AFFECTED PRODUCTS

vendor:

model:

home hub 3.0b

scope:

version:

Trust: 0.9

sources: CNVD: CNVD-2013-00577 // BID: 57243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-464

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201301-464

EXTERNAL IDS

db:	BID	id:	57243	Trust: 1.5
db:	CNVD	id:	CNVD-2013-00577	Trust: 0.6
db:	CNNVD	id:	CNNVD-201301-464	Trust: 0.6

sources: CNVD: CNVD-2013-00577 // BID: 57243 // CNNVD: CNNVD-201301-464

REFERENCES

url:	http://www.securityfocus.com/bid/57243	Trust: 1.2
url:	http://www.productsandservices.bt.com/consumerproducts/displaytopic.do?topicid=16536	Trust: 0.3
url:	https://github.com/zcutlip/exploit-poc/tree/master/bt/homehub3b	Trust: 0.3
url:	http://vimeo.com/52954499	Trust: 0.3

sources: CNVD: CNVD-2013-00577 // BID: 57243 // CNNVD: CNNVD-201301-464

CREDITS

Zachary Cutlip

Trust: 0.9

sources: BID: 57243 // CNNVD: CNNVD-201301-464

SOURCES

db:	CNVD	id:	CNVD-2013-00577
db:	BID	id:	57243
db:	CNNVD	id:	CNNVD-201301-464

LAST UPDATE DATE

2022-05-17T01:43:25.959000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00577	date:	2013-01-29T00:00:00
db:	BID	id:	57243	date:	2013-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201301-464	date:	2013-01-24T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-00577	date:	2013-01-29T00:00:00
db:	BID	id:	57243	date:	2013-01-08T00:00:00
db:	CNNVD	id:	CNNVD-201301-464	date:	2013-01-24T00:00:00