Credential Exposure in FiberHome VDSL2 Modem HG150-Ub_V3.0
CVE-2022-36200

7.5HIGH

Key Information:

Vendor: Fiberhome
Status: Hg150-ub Firmware
Vendor: CVE Published:; 29 August 2022

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2022-36200?

The FiberHome VDSL2 Modem HG150-Ub_V3.0 has a significant security flaw where admin credentials are included in the URL during submissions. This exposure allows for potential interception and logging of sensitive information during transmission, leading to unauthorized access risks. Network administrators and users of affected modems should evaluate their configurations and employ additional security measures to mitigate potential threats.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-36200
Created by afaq1337

References

https://youtu.be/nHgstvq0rr8

x_refsource_MISC

https://github.com/afaq1337/CVE-2022-36200

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 29, 2022
👾
Exploit known to exist
Aug 29, 2022
Vulnerability published
Aug 29, 2022
Vulnerability Reserved
Jul 18, 2022

Fiberhome

Badges

What is CVE-2022-36200?

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline