CVE-2020-11447: Infoleak
First published: Fri Nov 17 2023(Updated: )
An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Bell Home Hub 3000 Firmware | =sg48222070 | |
| Bell Home Hub 3000 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-11447.
What is the severity level of CVE-2020-11447?
The severity level of CVE-2020-11447 is medium with a score of 4.3.
How can remote authenticated users exploit CVE-2020-11447?
Remote authenticated users can exploit CVE-2020-11447 by retrieving the serial number via cgi/json-req.
What is the impact of CVE-2020-11447?
The impact of CVE-2020-11447 is an information leak as remote authenticated users can retrieve the serial number, which is intended to prove physical access to the device.
Is there a fix available for CVE-2020-11447?
For information on how to mitigate this vulnerability, please refer to the references provided: https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems and https://0xem.ma/posts/HH3K-CVE/
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/bell
- canonical/bell home hub 3000 firmware
- version/bell home hub 3000 firmware/sg48222070