Critical December 9, 2013

Huawei HG8245 backdoor and remote access

The Huawei HG8245 ONT (firmware version V1R006C00S100), which provides cellular services, contains three severe vulnerabilities: two administrator accounts enabled by default and a public administration interface exposed to the Internet.

CVSS Score: 9.8 / 10.0
Severity: Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Advisory

Device: Huawei HG8245
Hardware: 130C4600
Software: V1R006C00S100
Impact: Default backdoor accounts on web and Telnet with non-changeable passwords

Description

The Huawei HG8245 ONT ships with two administrative backdoor accounts enabled by default. The passwords cannot be changed from any documented interface.

Backdoor Credentials

Web management interface:

admin:*6P0N4dm1nP4SS*

Telnet service:

root:admin

Because these accounts exist even on devices where the operator has changed the primary admin password, anyone with network reachability to the device can fully compromise it.

Remediation

Disable WAN-side HTTP and Telnet access. There is no vendor-supplied way to change the default backdoor password.
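One way to verify that the remediation holds, as an added example that is not part of the original advisory: run this from a WAN-side vantage point against ONTs you operate to confirm that Telnet and HTTP no longer accept connections. The function names and the sample addresses (RFC 5737 documentation range) are assumptions made for illustration.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Management services the advisory says must not be reachable from the WAN.
MGMT_PORTS = {23: "telnet", 80: "http"}

# Constructed sample inventory (RFC 5737 documentation addresses, not real devices).
SAMPLE_ONTS = ["192.0.2.10", "192.0.2.11"]


def port_open(host, port, timeout=2.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False


def audit(hosts, ports=MGMT_PORTS, timeout=2.0, probe=port_open):
    """Map each host that still exposes a management service to the service names.

    Hosts with nothing reachable are omitted, so an empty dict means the
    remediation holds for every host as seen from this vantage point.
    """
    targets = [(h, p) for h in hosts for p in sorted(ports)]
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = list(pool.map(lambda t: probe(t[0], t[1], timeout), targets))
    exposed = {}
    for (host, port), is_open in zip(targets, results):
        if is_open:
            exposed.setdefault(host, []).append(ports[port])
    return exposed


if __name__ == "__main__":
    # Run from outside the subscriber network, against ONTs you operate.
    hosts = sys.argv[1:] or SAMPLE_ONTS
    exposed = audit(hosts)
    for host in hosts:
        state = ", ".join(exposed[host]) if host in exposed else "closed"
        print(f"{host}: {state}")
    sys.exit(1 if exposed else 0)
```

The script exits non-zero when any host still exposes either service, so it can gate a rollout or run as a scheduled check.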

Related Security Advisories

Critical December 18, 2014

Command Execution and Backdoor in Zhone GPON-2520

This post will describe a backdoor account found in the Zhone GPON-2520 and will provide a PoC which can be used to disable the firewall filtration rules in order to allow access to services such as ssh, telnet and ftp.

CVSS: 9.8

High May 22, 2014

Huawei HG8245 / HG8247 WPA Generator

Huawei HG8245 & HG8247 ONT (firmware version V1R006C00S100) rely on a weak algorithm to calculate the WPA keys; the keys can be predicted easily using the WiFi's MAC address (BSSID).

CVSS: 7.4

High December 19, 2013

Arbitrary Command Execution in Alcatel-Lucent I-240W-Q

The Alcatel-Lucent I-240W-Q ONT's Diagnostics page does not filter shell metacharacters in the IP address field, allowing any authenticated administrator to execute arbitrary commands as root and fully compromise the device.

CVSS: 8.0