CVE-2018-9248
CRITICALFiberHome VDSL2 Modem HG 150-UB Firmware - Authentication Bypass via Cookie Header
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-9248. PoCs published by Noman Riffat.
AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in FiberHome VDSL2 Modem HG 150-UB due to hardcoded cookies and improper session handling. Attackers can bypass login by setting a specific cookie or manipulating HTTP response headers.
Description
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.
Exploits (1)
exploitdb
WRITEUP
by Noman Riffat · textwebappshardware
https://www.exploit-db.com/exploits/44413
The exploit describes an authentication bypass vulnerability in FiberHome VDSL2 Modem HG 150-UB due to hardcoded cookies and improper session handling. Attackers can bypass login by setting a specific cookie or manipulating HTTP response headers.
Classification
Writeup 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
FiberHome VDSL2 Modem HG 150-UB
No auth needed
Prerequisites:
Access to the target modem's login page · Ability to modify cookies or HTTP headers
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44413/
Third Party Advisory x_refsource_misc
https://gist.github.com/pak0s/cd7ac9c2ee659138816f92693d2df602
Scores
CVSS v3
9.8
EPSS
0.1525
EPSS Percentile
96.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
fiberhome/vdsl2_modem_hg_150-ub_firmware
Published
Apr 04, 2018
Tracked Since
Feb 18, 2026