First published: Fri Nov 17 2023(Updated: )
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.
|Affected Software||Affected Version||How to fix|
|Bell Home Hub 3000 Firmware||=sg48222070|
|Bell Home Hub 3000|
The vulnerability ID of this issue is CVE-2020-11447.
The severity level of CVE-2020-11447 is medium with a score of 4.3.
Remote authenticated users can exploit CVE-2020-11447 by retrieving the serial number via cgi/json-req.
The impact of CVE-2020-11447 is an information leak as remote authenticated users can retrieve the serial number, which is intended to prove physical access to the device.
For information on how to mitigate this vulnerability, please refer to the references provided: https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems and https://0xem.ma/posts/HH3K-CVE/