CVE-2020-11447 Information

Description

An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor’s physical access to the device.

Reference

https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems https://0xem.ma/posts/HH3K-CVE/