[afnog] Vulnerable Huawei modem
Daniel Shaw
daniel at afrinic.net
Sat Oct 14 19:13:43 UTC 2017
On 14/10/2017, 11:22, Loganaden Velvindron typed:
>
> We has been poking around the Huawei HG8245H which is widely deployed
> in Mauritius. We discovered that it's using an old version of DNSmasq:
They also have an even more serious issue: The bigger issue is that they all also have a hard-coded admin login/password that (effectively) cannot be changed. [1].
The only mitigating measure that can practically be taken for this is to disable web access on the wan (that is from the internet). However, this is also not the default. The default as handed to consumers out the box, is full admin access by web interface to the global internet.
As you can guess, few people realise this.
Consequently, the majority of these devices are wide open anyway.
- Daniel
[1] It *can* actually be changed, but this involves saving the config, which downloads with a .xml extension, but it actually aes encrypted. You can decrypt this (apparently) with a windows-only binary that is obtainable from Huwaie, after creating a login profile.
The decrypted xml can then be modified, re-encrypted and uploaded to be applied.
More information about the afnog
mailing list