Those scan results seem highly dubious - neither type of BT Hub 6 run such an old Linux kernel version. Sounds more like a false positive.

Hi welcome to the forum, the simplest solution would have been to reflash the router with the latest firmware you are running openwrt 7.09 the current version is 19.07 so a fair bit out of date see here  openwrt  fairly easy to do,

Incidently openwrt is not the official firmware for the hub6 

I hadn't realised that you could run OpenWRT on a Smarthub 6.

@SteveK 

Are you sure that you have a Smarthub 6 and not a hacked Home Hub 5?

Hi all & thanks for the replies.

There's not a lot that I can do to query the scan results. Our network is scanned by Security Metrics on behalf of Global Payments & HSBC. I've tried a rescan & had the same results. If I don't get a pass, I'll be charged £75.00 per month while I'm non compliant.

I had looked at flashing the latest version, but couldn't see anything after Homehub 5 & to be honest, all looked a bit beyond me. Everything is working fine apart from this & I couldn't afford to lose the internet or make things worse.

The router was bought from Ebay a year ago as a Homehub 6 & it certainly say that on the back? Maybe it had been played with before I bought it, but certainly no support at that end.  I only changed routers  as we had too many devices for the Plusnet original, the smart plugs soon add up but I don't think I could go back to turning on the kettle myself in the morning 😁

Interesting to hear what you all think. The new router will arrive tomorrow, so I'll set it up, try a rescan with my fingers crossed & post an update.

Steve

The scan results are nonsense, the BT Home Hub 6 is not listed on the Openwrt website as a supported device.

@RealAleMadrid 

Hence my question as to whether this is a HH5, which is compatible.

@SteveK what does the router GUI look like when you login ?

If it really is a HH5 running Openwrt then it should be possible to upgrade it to the latest Openwrt version which doesn't have the vulnerability

I've hopefully attached photos of the router & UI.

Well thats definitely a Home hub 6 and its running the standard BT software not Openwrt.

So I'm with the other posters, the results of the security scan are rubbish!

Thanks for the confirmation.

I will continue with a different router to hopefully avoid any further issues & have Emailed Security Metrics to will try & get an answer from them. If I get any joy will report back here. 

Steve

@SteveK just looking at the BT Hub GPL statements https://www.bt.com/help/user-guides/bt-hub--bt-voyager-and-connected-devices-gpl-code

as @ejs said earlier the BT Home Hub 6 uses a later version of the Linux kernel

Hub 6 Type A Version 3.4.11

Hub 6 Type B Version 3.10.12

In addition , as far as I can see, the bug only affects the opkg package, which from the GPL statements referenced above , is NOT used in the BT Home hub GPL code.

https://nvd.nist.gov/vuln/detail/CVE-2020-7982

Well I haven't got to the bottom of this, but have installed the new Asus router & all now ok so will just hide the old home hub away.

We have passed the scan & are now officially PCI Data Security Standard Compliant once again.

Many thanks for all of your help, this post may be useful for anyone in the same position.

Steve

Hi Steve, have exactly the same issue happen today, small business with a failed PCI scan with Security Metrics, error messages pointing to router, also using TP link wireless adapters through the BT Business smart hub - Type A into the electrical wiring system which I gather can also be an issue?

Totally out of my depth on this issue, can I ask what model of Asus Router you used to fix the issue please?

Any comments on the safety of TP wireless adapters WRT safe versions appreciated, if there is such a thing in non technical language appreciated.

Hi.

I didn’t think that I would be the only one & I’m sure there will be many others as the scan dates come up! I’m guessing it may be a genuine security problem, that gets mislabelled in the scan results, but there doesn’t seem to be any other way around it than changing routers.

I’m on Plusnet Fibre & wanted a router that sat vertically like the home hub as it had to go on a small shelf. I also have a lot of smart devices connected, which is why the original Plusnet router had to go.

I went for the ASUS DSL-AC68U AC1900 Dual-Band Wireless VDSL/ADSL 2+ Gigabit Modem Router

https://www.amazon.co.uk/gp/product/B00O27PHGY

Next day delivery on prime & all up & running very quickly without any issues. I left it a few hours to update before going for a rescan & it went straight through.

Hope that helps.

Steve