VAR-201004-0518
Vulnerability from variot - Updated: 2022-05-17 02:04

Huawei EchoLife HG520 is a wireless router of the SOHO series. Huawei EchoLife HG520 lacks correct access restrictions for the 'AutoRestart.html' script, so an attacker can reboot the device without authenticating.

Huawei EchoLife HG520 is a home gateway series designed for home Internet and home office use. If a remote user submits an index variable longer than 7 characters to the /rpLocalDeviceJump.html page of the EchoLife HG520 management console, the device will reboot. Exploiting this vulnerability requires authentication.

The Huawei EchoLife HG520c is prone to an authentication-bypass vulnerability. Attackers can leverage this issue to restart the device without proper authentication. Successful exploits may lead to other attacks.

The following Huawei EchoLife HG520c firmware and software versions are vulnerable:
Firmware: 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0, 3.10.18.4
Software Versions: V100R001B120Telmex, V100R001B121Telmex
TITLE: Huawei HG520 Two Vulnerabilities
SECUNIA ADVISORY ID: SA39491
VERIFY ADVISORY: http://secunia.com/advisories/39491/
DESCRIPTION: Two vulnerabilities have been reported in Huawei HG520, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).
1) An unspecified error in the handling of UDP packets can be exploited to view the device configuration data (e.g. PPPoE credentials used to access the ISP's network) via a specially crafted packet sent to port 43690.
2) The device does not properly restrict access to the AutoRestart.html script.
SOLUTION: Restrict access to the device to trusted hosts only (e.g. via network access control lists).
PROVIDED AND/OR DISCOVERED BY: hkm
ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12297 http://www.exploit-db.com/exploits/12298
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201004-0518",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "echolife hg520c",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "3.10.18.7-1.0.5.0"
},
{
"model": "echolife hg520c",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "3.10.18.7-1.0.7.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "echolife hg520",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "3.10.18.4"
},
{
"model": "echolife hg520",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "3.10.18.5-1.0.7.0"
},
{
"model": "echolife hg520",
"scope": "eq",
"trust": 0.6,
"vendor": "huawei",
"version": "3.10.18.7-1.0.7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"db": "BID",
"id": "39650"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "hkm",
"sources": [
{
"db": "BID",
"id": "39650"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei EchoLife HG520 is a wireless router of the SOHO series. Huawei EchoLife HG520 lacks the correct access restrictions for the \u0027AutoRestart.html\u0027 script, and an attacker can exploit the vulnerability without having to verify the reboot device. Huawei EchoLife HG520 is a family gateway series designed for home Internet and home office. If the remote user submits an index variable longer than 7 characters to the /rpLocalDeviceJump.html page of the EchoLife HG520 management console, the device will reboot. Use of this vulnerability requires certification. The Huawei EchoLife HG520c is prone to an authentication-bypass vulnerability. \nAttackers can leverage this issue to restart the device without proper authentication. Successful exploits may lead to other attacks. \nThe following Huawei EchoLife HG520c firmware and software versions are vulnerable:\nFirmware 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0, 3.10.18.4\nSoftware Versions: V100R001B120Telmex, V100R001B121Telmex. ----------------------------------------------------------------------\n\n\n Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nHuawei HG520 Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA39491\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39491/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Huawei HG520, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation and cause a DoS (Denial of Service). \n\n1) An unspecified error in the handling of UDP packets can be\nexploited to view the device configuration data (e.g. PPPoE\ncredentials used to access the ISP\u0027s network) via a specially crafted\npacket sent to port 43690 . \n\n2) The device does not properly restrict access to the\nAutoRestart.html script. 
\n\nSOLUTION:\nRestrict access to the device to trusted hosts only (e.g. via network\naccess control lists). \n\nPROVIDED AND/OR DISCOVERED BY:\nhkm\n\nORIGINAL ADVISORY:\nhttp://www.exploit-db.com/exploits/12297\nhttp://www.exploit-db.com/exploits/12298\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"db": "BID",
"id": "39650"
},
{
"db": "PACKETSTORM",
"id": "88794"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "39650",
"trust": 1.5
},
{
"db": "EXPLOIT-DB",
"id": "12297",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2010-0684",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2010-0691",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2010-0667",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "39491",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "12298",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "88794",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"db": "BID",
"id": "39650"
},
{
"db": "PACKETSTORM",
"id": "88794"
}
]
},
"id": "VAR-201004-0518",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
}
],
"trust": 2.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.8
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
}
]
},
"last_update_date": "2022-05-17T02:04:52.878000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.3,
"url": "http://www.exploit-db.com/exploits/12297"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/39650http"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/mobileweb/en/products/view.do?id=660"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/39491/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://www.exploit-db.com/exploits/12298"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"db": "BID",
"id": "39650"
},
{
"db": "PACKETSTORM",
"id": "88794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"db": "BID",
"id": "39650"
},
{
"db": "PACKETSTORM",
"id": "88794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"date": "2010-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"date": "2010-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"date": "2010-04-22T00:00:00",
"db": "BID",
"id": "39650"
},
{
"date": "2010-04-22T06:51:06",
"db": "PACKETSTORM",
"id": "88794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0684"
},
{
"date": "2010-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0691"
},
{
"date": "2010-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0667"
},
{
"date": "2010-04-22T00:00:00",
"db": "BID",
"id": "39650"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "39650"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Huawei EchoLife HG520c \u0027AutoRestart.html\u0027Verification Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0684"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "39650"
}
],
"trust": 0.3
}
}