CVE-2008-1334 Information

Description

cgi/b on the BT Home Hub router allows remote attackers to bypass authentication and read or modify administrative settings or make arbitrary VoIP telephone calls by placing a character at the end of the PATH_INFO as demonstrated by (1) 5C (encoded backslash) (2) ’’ (percent) and (3) ‘~’ (tilde). NOTE: the ‘/’ (slash) vector is already covered by CVE-2007-5383.

Reference

http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/ http://www.gnucitizen.org/projects/router-hacking-challenge/ http://www.securityfocus.com/archive/1/489009/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41271