N/A

The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.

N/A

N/A

BT Home Hub和Thomson/Alcatel Speedtouch 7G多个安全漏洞

BT Home Hub和Speedtouch 7G都是家用的无线Internet路由器。 BT Home Hub和SpeedTouch 7G路由器中存在多个安全漏洞，允许恶意用户执行跨站脚步、跨站请求欺骗、脚本注入攻击，或绕过某些安全限制。 1) 在处理URL时存在输入验证错误，可能允许攻击者通过包含有两个斜线的特制URL访问并更改受口令保护的资源，如配置和设置页。 2) 在记录登录用户名之前没有执行正确的过滤，可能允许注入任意HTML和脚本代码，如果用户浏览了日志就会在用户的浏览器会话中执行。 3) 由

N/A

N/A