Thursday, 8 October 2015

Huawei Will Not Patch 3G Routers Vulnerabilities

A security researcher has several 3G routers from the Chinese manufacturer Huawei network several vulnerabilities discovered that the company will not patch. It involves 14 models used by ISPs around the world, including Tele 2 and E-Plus in Germany.

According to researcher Pierre Kim devices are poorly designed and they are full of vulnerabilities. For example, the password and the name of the administrator stored in plain text in a cookie, the DNS server can be modified without valid credentials, the wifi password can be retrieved without credentials and it is possible for one of the models without authentication to adapt the firmware.

Kim Huawei warned in August about the vulnerabilities, but the Chinese manufacturer announced it will release no security updates because the devices are no longer supported. Huawei also advises users to no longer supported models to replace them with new routers. Kim then finally decided to publish his research.

No comments:

Post a Comment