WiMax routers from Huawei and ZTE are vulnerable to authentication bypass attacks

[Batu69]

Hackers could take over your router and the network behind it

A SERIES OF WIMAX routers have been fingered for a vulnerability that could let a hacker change your password, gain access and take over your device.

A security advisory from SEC Consult finds that routers from firms including Huawei, MADA, ZTE and ZyXEL are vulnerable to a hoary old vulnerability. SEC has advised the firms about the issue, and at least one - Huawei - has told consumers to stop using ancient routers for their own good.

 

"SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. An attacker can gain access to the device, access the network behind it and launch further attacks, add devices into a Mirai-like botnet or just simply spy on user," said the security firm.

 

"This vulnerability affects devices from GreenPacket, Huawei, MADA, ZTE, ZyXEL, and others. Some of the devices are accessible from the web (estimate is from 50.000 to 100.000)".

 

That is enough zeroes to be interesting. SEC Consult says that the vulnerability could lead to the user becoming part of the Mirai botnet, or just a sieve for personal information.

 

"Based on the information we got from internet-wide scan data, we know that a lot of devices expose a web server on the WAN interface. This is caused by a misconfiguration or more likely carelessness by the ISPs that provide WiMAX gateways to customers. Web interfaces are usually a good place to hunt for vulnerabilities," added the firm.

 

"The affected products are quite old, likely manufactured in the early 2010s. According to Huawei, all of their affected products are end-of-service since 2014, and will not receive any updates. We reported this vulnerability to CERT/CC who coordinated the vulnerability and released a vulnerability note (VU#350135), thanks!

 

They, unfortunately, did not get a response from ZyXEL. It's unlikely that any of the affected devices will receive updates, so the only solution is to replace them."

Before you replace them make sure you give them a good solid kicking around a car park or something.

 

Ben Herzberg, security research group manager at Imperva Incapsula agreed that going shopping is probably the best solution to the problem, but added that this kind of problem can have many ramifications and that companies should be ready for them.

 

"The lack of basic security in a wide-spread number of devices connected to the internet has caused a lot of security issues over time. From large-scale Denial of Service attacks done from a horde of infected devices, launched against a wide array of targets,  to usage for attempts to brute force accounts. This is without even mentioning the fact that the devices allows hackers to have an attack surface against the networks on which such devices are installed," he said. 

 

"This can cause organisations and users several problems including, loss of privacy (By eavesdropping to traffic, accessing CCTV systems, etc), being used as part of malicious attacks (for example DDoS attacks), and gaining a foothold on a network, to further exploit it. Hackers can exploit this quite easily, given the information released, as they can take over the administrative accounts in the devices and take control of the routers."

 

Article source