BT Home Hub - SSID Script Injection Vulnerability

  • Type: BT Home Hub – SSID Script Injection Vulnerability
  • Severity: Medium
  • Affected products: BT Home Hub Wireless ADSL Router
  • Date: 2010-05-10
  • CVE Reference: N/A

The BT Home Hub administrative web interface has been identified as vulnerable to a script injection attack that could allow remote attackers to compromise the security of the device by performing cross-site scripting (XSS) attacks.

An attacker could set up a fake access point broadcasting specially crafted 802.11 ‘beacon’ packets containing a malicious payload in the Service Set Identifier (SSID). The malicious SSID is displayed on the Accessible Access Points Table page of the BT Home Hub administrative interface, and its payload is executed when an administrator scans for wireless access points.
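
An added example, not BT's firmware code and not part of the original advisory: a Python sketch of the output-encoding defence for this class of bug, contrasting a table cell built by copying the SSID verbatim with one that treats the SSID as untrusted octets. All function names and the sample scan results are constructed for illustration.

```python
import html

MAX_SSID_LEN = 32  # 802.11 limits the SSID element to 32 octets


def ssid_to_text(raw: bytes) -> str:
    """Decode raw SSID octets into printable text without trusting them."""
    raw = raw[:MAX_SSID_LEN]
    # SSIDs are arbitrary octets; invalid UTF-8 becomes U+FFFD, never an error.
    text = raw.decode("utf-8", errors="replace")
    # Control characters (NUL, CR, LF, ...) have no place in a table cell.
    return "".join(ch if ch.isprintable() else "\ufffd" for ch in text)


def render_cell_unsafe(raw: bytes) -> str:
    """The flaw class described above: SSID copied into markup verbatim."""
    return "<td>" + raw.decode("utf-8", errors="replace") + "</td>"


def render_cell_safe(raw: bytes) -> str:
    """Encode for the HTML text context so markup characters become entities."""
    return "<td>" + html.escape(ssid_to_text(raw), quote=True) + "</td>"


def render_table(scan_results) -> str:
    """Build the access point table from (raw SSID, channel) tuples."""
    rows = ["<tr>%s<td>%d</td></tr>" % (render_cell_safe(ssid), channel)
            for ssid, channel in scan_results]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


# Constructed scan results: (raw SSID octets as received, channel)
SAMPLE_SCAN = [
    (b"HomeNetwork", 6),
    (b"<script>alert(1)</script>", 11),  # markup carried in the SSID field
    (b"caf\xe9\x00net", 1),              # invalid UTF-8 plus an embedded NUL
]

if __name__ == "__main__":
    print("unsafe:", render_cell_unsafe(SAMPLE_SCAN[1][0]))
    print(render_table(SAMPLE_SCAN))
```

The same rule applies to every other beacon-derived field the page displays: anything received over the air is attacker-controlled input and must be encoded for the context it is written into.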