BT Home Hub - SSID Script Injection Vulnerability

Product BT Home Hub Wireless ADSL Router
Severity Medium
CVE Reference N/A
Type BT Home Hub – SSID Script Injection Vulnerability

The BT Home Hub administrative web interface has been identified as being vulnerable to a script injection attack that could allow remote attackers to compromise the security of the device by performing Cross Site Scripting Attacks (XSS).

An attacker could set up a fake access point broadcasting specially crafted 802.11 ‘beacon’ packets containing a malicious payload in the Service Set Identifier (SSID). The malicious SSID will be displayed in the Accessible Access Points Table page of the BT Home Hub administrative interface and will be executed when an administrator scans for wireless access points.