BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Huawei Routers Multiple Vulnerabilities

Disclosed July 30, 2012    Fully Patched

Vulnerability Description:

Multiple Huawei routers/switches are known to contain vulnerabilities relating to handling sessions, credentials, and URIs. These can be used by attackers to bypass security restrictions, hijack sessions, and execute arbitrary code on the vulnerable systems.

Vendors:

Huawei

Vulnerable Software/Devices:

Routers:
AR18/28/46 (no updates planned, workaround available)
AR19/29/49 (update available)

Switches:
S2000 series (no updates planned, workaround available)
S3000 series (no updates planned, workaround available)
S3500 series (no updates planned, workaround available)
S3900 series (no updates planned, workaround available)
S5100 series (no updates planned, workaround available)
S5600 series (no updates planned, workaround available)
S7800 series (no updates planned, workaround available)
S8500 series (update available)
 

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Attackers who exploit these vulnerabilities would be able to remotely execute arbitrary code on the target systems, completely compromising them.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 17421 - Huawei Routers Multiple Vulnerabilities (20121011) - Banner

Mitigation:

Situation 1: If neither web management nor the Branch Intelligent Management System (BIMS) is used for remote configuration, use SSH to connect to the device, close the HTTP service, and turn off the BIMS service.

Situation 2: If either web management or BIMS is used to remotely configure the device, use SSH to connect to the device and set access control list rules that limit HTTP connections to specific source IP addresses.

Situation 3: If web management is unsupported but the HTTP port is still open, close the HTTP port.

CVE(s):

None