[afnog] Vulnerable Huawei modem
Loganaden Velvindron
logan at hackers.mu
Tue Oct 17 17:12:13 UTC 2017
On Tue, Oct 17, 2017 at 7:03 PM, Jean-Robert Hountomey
<hrobert at africacert.org> wrote:
> Huawei still says that they are investigating : http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171006-01-dnsmasq-en
>
> I think it is worth reaching out to their PSIRT Team and try to get an answer, fix plan from them:
> http://www.huawei.com/en/psirt/report-vulnerabilities
>
Thank you JR,
Huawei replied back 4 days ago. They acknowledged the issue and are
discussing with their production line regarding dnsmasq and also
running the process as root. dnsmasq supports running as an
unprivileged user.
However, they haven't given an ETA regarding firmware update
availability, and this is why I sent the email on afnog to ask large
huawei customers in the region to request for firmware updates.
I also sent a query regarding source code build for the firmware
(model Huawei HG8245H), as the firmware contains GPL components. Those
are not available on the website they referred me to
(http://consumer.huawei.com/en/opensource/).
Interestingly, one of their competitors (Zyxel) already has a timeline
for firmware updates:
https://www.zyxel.com/support/ci_general_20171012_787965.shtml
More information about the afnog
mailing list