PT-2007-6435 · Bt · Bt Home Hub

Adrian Pastor · Published 2007-10-12 · Updated 2018-10-15 · CVE-2007-5384

CVSS v2.0: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:
Thomson/Alcatel SpeedTouch 7G router versions 6.2.6.B and earlier
BT Home Hub version 6.2.6.B and earlier
SpeedTouch 780 (affected versions not specified)

Description: A cross-site request forgery (CSRF) issue allows remote attackers to perform actions as administrators via unspecified POST requests. This can be demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. An authentication bypass can be leveraged to exploit this issue in the absence of an existing administrative session.

Recommendations: For Thomson/Alcatel SpeedTouch 7G router versions 6.2.6.B and earlier, consider restricting access to administrative functions until a fix is available. For BT Home Hub version 6.2.6.B and earlier, restrict inbound remote-assistance HTTPS sessions on TCP port 51003 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2007-5384

Affected Products

Bt Home Hub
Speedtouch 780
Speedtouch 7G