Huawei UPnP DeviceUpgrade command injection
Added: 01/02/2018BID: 102344
Background
Huawei home routers support the DeviceUpgrade service type over the Universal Plug and Play (UPnP) protocol to facilitate upgrading of firmware.Problem
A remote authenticated attacker can execute arbitrary commands injected into the NewStatusURL XML element in a call to the DeviceUpgrade_1 resource over the Universal Plug and Play protocol.Resolution
Configure the built-in firewall function, change the default password, or deploy a firewall at the carrier side.References
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171130-01-hg532-enhttps://research.checkpoint.com/good-zero-day-skiddie/
https://thehackernews.com/2017/12/satori-mirai-iot-botnet.html
Limitations
Exploit requires the default password to be unchanged in order to succeed.Back to exploit index