CVE

CVE-2008-1334

cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE: the '/' (slash) vector is already covered by CVE-2007-5383.

View access options View sample report Ask about this record

What this profile means

This public preview summarizes the normalized record without exposing paid citation paths. Use it to decide whether the device deserves a paid report, workspace review, or direct source verification.

Record typedevice

CategoryCVE

StatusNVD CVE record

Confidence90

CVECVE-2008-1334

Source coverage preview

Public pages show source names and record counts. Paid reports unlock source URLs, citation paths, and report-generation context.

Source rows checked2

Max source confidence90

Latest source observationMay 18, 2026

CitationsLocked in paid report

NIST NVD CVE API

Paid report value

Device/security signal snapshot
Known exploited and exploitability interpretation where available
Remediation and inventory-mapping checklist
Locked source citations and monitoring path

For records that need deeper review, use the main access flow to request source-backed report context, saved workspace review, or support before relying on the public preview.

View access options View sample report Contact support

Methodology and limits

Source-backed, but still worth verifying for high-impact use.

Security records are triage intelligence and should be validated against asset inventory, firmware versions, compensating controls, and vendor advisories.

For security teams

Prioritize known exploited and high-confidence records.

For buyers

Check support and vulnerability signals before purchase.

For MSPs

Use reports and monitors for customer device review.

Questions to ask before relying on this record

What official source published this signal, and when was it last observed?
Does the record still match the current operating, legal, safety, or source context?
Are there related records under another name, jurisdiction, model, address, sponsor, or identifier?
Does this decision need human QA before money, safety, care, legal, or operational action?

Paid reports include citation paths and report-generation context; public previews intentionally hide source URLs.