Huawei EchoLife HG520c Information DisclosureHuawei EchoLife HG520c Information Disclosure
Summary
Huawei EchoLife HG520 modems are vulnerable to an information disclosure vulnerability. Sensitive modem information can be accessed using a public URL in modems with the web interface activated.
Description
===========================================
HUAWEI ECHOLIFE HG520c Information Disclosure
===========================================
Device: EchoLife HG520c
Software Version: V100R001B021Telmex
V100R001B020Telmex
Firmware Version: 3.10.18.7-1.0.7.0 (ultima version)
3.10.18.5-1.0.7.0
Vulnerable Models: HG520c
Publication date: 2010-05-16
Criticality level: Low
Impact: Information Disclosure
Where: Web administration interface (LAN/WAN)
Websec Advisory: ws10-11
[Description]
=================
The page '/Listadeparametros.html' reveals important information such as
software version, internal IP, SSID, etc. No authentication is required.
[Exploit]
=================
From LAN or Client-Side just open '/Listadeparametros.html':
http://192.168.1.254/Listadeparametros.html
In case of having the admin interface enabled in WAN:
http://
POC
http://192.168.1.254/Listadeparametros.html
http://
YOUTUBE
TWITTER
FACEBOOK
BLOG
EMAIL US