Significant vulnerability on Huawei routers

Security researcher Peter Kim has revealed serious vulnerabilities in the Huawei B260A 3G modem/access point. These routers store the administrator's username and password in an unencrypted cookie, which effectively removes authentication and allows an attacker to change the DNS servers (CSRF without authentication), to cause a remote DoS, or to download a firmware without authentication.

Other Huawei devices could also be affected by the flaw. These are the models bearing the following references:

  • E960, WLA1GCPU
  • E968, WLA1GCYU
  • B970, WLA1GAPU
  • B932, WLB1TIPU
  • B933, WLB1TIPU
  • B220, WLA1GCYU
  • B260, WLA1GCYU
  • B270, WLA1GCYU
  • B972, WLA1GCYU
  • B200-20, WLB3TILU
  • B200-30, WLB3TILU
  • B200-40, WLB3TILU
  • B200-50, WLB3TILU
  • ?? , WLA1GCPU

These Huawei routers are commonly used by operators in Argentina (Claro, Movistar), Austria (H3G, Mobilkom), Germany (E-Plus, Tele2), Brazil (Vivo, CTBC), Portugal (Optimus, VDF) and Sweden (Hi3G, Tele2, Telia). Also note that Orange uses these devices in Kenya, Mali, Niger, Slovakia, Tunisia and Armenia.

The vulnerable Huawei routers are said to be at the end of their life cycle and are no longer supported by the brand. Customers are encouraged to remove these products from production areas and replace them with the B68L and B310 models.
