CVE-2008-1334

BT Home Hub - Unauthenticated Authentication Bypass via PATH_INFO Character Injection

Description

cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383.

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489009/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41271

Scores

EPSS 0.0168
EPSS Percentile 74.0%

Details

CWE
CWE-287
Status published
Products (1)
bt/home_hub
Published Mar 13, 2008
Tracked Since Feb 18, 2026