CVE-2020-11447

An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bell:home_hub_3000_firmware:sg48222070:*:*:*:*:*:*:*
cpe:2.3:h:bell:home_hub_3000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:57

Type Values Removed Values Added
References () https://0xem.ma/posts/HH3K-CVE/ - Exploit () https://0xem.ma/posts/HH3K-CVE/ - Exploit
References () https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems - Product () https://support.bell.ca/Internet/Connection-help/Access_control_in_the_Home_Hub_modems - Product

04 Sep 2024, 21:35

Type Values Removed Values Added
CWE CWE-200

25 Nov 2023, 02:26

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-17 12:15

Updated : 2024-11-21 04:57


NVD link : CVE-2020-11447

Mitre link : CVE-2020-11447

CVE.ORG link : CVE-2020-11447


JSON object : View

Products Affected

bell

  • home_hub_3000_firmware
  • home_hub_3000
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor