Some Huawei routers offer plenty of exploits

Discussion in 'other security issues & news' started by Baserk, Aug 4, 2012.

Thread Status:
Not open for further replies.
    Baserk Registered Member

    Apr 14, 2008
    Two types of Huawei routers (SOHO and medium-business versions) were found to be seriously exploitable, as Felix Lindner and Gregor Kopf, both from German Recurity Labs, showed at a Defcon lecture.

    "It's 1990s code and operating system design," said Lindner, who heads up Recurity Labs.
    "The OS has absolutely no mitigations in place; to the contrary, it even has functionality to help you exploit it."

    The two hackers have been looking at the firmware, default settings, and overall security of the routers and have concluded that just about everything you can do wrong, Huawei has done wrong.
    This starts with services such as SSH, FTP and HTTP, which can be accessed from the outside network by default; FTP can even be used to access flash memory on the router.
    The problems also include bad session management which can allow a small script to take over a session, and a concrete buffer overflow on the stack and the heap.
    And the problems don't end there.
    There are over 10,000 calls to the inherently unsafe sprintf() C-function, according to an analysis of the firmware by the security experts.

    Their Defcon presentation (PDF link) summary:
    -90’s style bugs, 90’s style exploitation, 0 operating system hardening, 0 page RWX, no security advisories, no security releases.
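
Why sprintf() is called inherently unsafe in the post above, and what a bounded replacement looks like. This is an added example, not part of the original post and not code from the Huawei firmware or the Recurity Labs presentation; the helper names, the banner format and the 32-byte buffer are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from any firmware): bounded replacement for
 * sprintf(). Returns 0 on success, -1 on truncation or format error,
 * and never leaves a partially written string in dst. */
static int fmt_checked(char *dst, size_t dst_len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dst_len == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dst_len, fmt, ap);
    va_end(ap);

    /* n < 0: encoding error; n >= dst_len: output would not fit. */
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed scenario: build a login banner from a peer-supplied name.
 * The sprintf() equivalent would be
 *     sprintf(banner, "User %s logged in", name);
 * which writes past banner[] as soon as name is too long, because
 * sprintf() is never told how large the destination is. */
static int build_banner(char *banner, size_t banner_len, const char *name)
{
    return fmt_checked(banner, banner_len, "User %s logged in", name);
}

int main(void)
{
    char banner[32];
    const char *names[] = { "admin", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < 2; i++) {
        if (build_banner(banner, sizeof banner, names[i]) == 0)
            printf("ok: %s\n", banner);
        else
            printf("rejected: %zu-byte name does not fit\n", strlen(names[i]));
    }
    return 0;
}
```

Treating truncation as an error rather than silently cutting the string matters when the formatted result is later parsed or used as a path or command.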