Authentication Bypass Vulnerability in FiberHome VDSL2 Modem Products
CVE-2018-9249

9.8CRITICAL

Key Information:

Vendor: Fiberhome
Status: Vdsl2 Modem Hg 150-ub Firmware
Vendor: CVE Published:; 4 April 2018

What is CVE-2018-9249?

The FiberHome VDSL2 Modem HG 150-UB contains a vulnerability that allows unauthorized users to bypass authentication mechanisms. This issue arises when the device fails to properly handle the JavaScript code intended for redirecting unauthenticated requests. As a result, attackers can access restricted areas of the device without proper credentials, potentially leading to exposure of sensitive data or further exploitation of the network. It is crucial for users of the FiberHome VDSL2 Modem HG 150-UB to apply necessary security measures to mitigate potential risks.

References

https://gist.github.com/pak0s/cd7ac9c2ee659138816f92693d2...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2018
Vulnerability Reserved
Apr 3, 2018

Fiberhome

What is CVE-2018-9249?

References

CVSS V3.1

Timeline