Vulnerability Description
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bell | Home Hub 3000 Firmware | sg48222070 |
| Bell | Home Hub 3000 | - |
Related Weaknesses (CWE)
References
- https://0xem.ma/posts/HH3K-CVE/Exploit
- https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_Product
FAQ
What is CVE-2020-11447?
CVE-2020-11447 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is i...
How severe is CVE-2020-11447?
CVE-2020-11447 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-11447?
Check the references section above for vendor advisories and patch information. Affected products include: Bell Home Hub 3000 Firmware, Bell Home Hub 3000.