[afnog] Vulnerable Huawei modem

Loganaden Velvindron logan at hackers.mu
Sun Oct 15 08:09:50 UTC 2017


On Sat, Oct 14, 2017 at 11:13 PM, Daniel Shaw <daniel at afrinic.net> wrote:
> On 14/10/2017, 11:22, Loganaden Velvindron typed:
>>
>> We have been poking around the Huawei HG8245H which is widely deployed
>> in Mauritius. We discovered that it's using an old version of DNSmasq:
>
> They also have an even more serious issue: The bigger issue is that they all also have a hard-coded admin login/password that (effectively) cannot be changed. [1].
>
> The only mitigating measure that can practically be taken for this is to disable web access on the WAN (that is, from the internet). However, this is also not the default. The default, as handed to consumers out of the box, is full admin access by web interface to the global internet.

At my place, access to the HTTP admin interface is disabled via WAN.
In ONT ACCESS CONFIGURATION, it was disabled when they came to deploy
Fiber. If they enable it at your place and other customers, then it's
an issue. The password is encoded using base64.

However, they didn't enable SSH on my modem. Only telnet was
available. I had to manually enable SSH to avoid using telnet.

>
> As you can guess, few people realise this.
>
> Consequently, the majority of these devices are wide open anyway.
>
> - Daniel
>
>
> [1] It *can* actually be changed, but this involves saving the config, which downloads with a .xml extension, but it is actually AES encrypted. You can decrypt this (apparently) with a Windows-only binary that is obtainable from Huawei, after creating a login profile.
> The decrypted xml can then be modified, re-encrypted and uploaded to be applied.
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog


