Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Huawei Mobile Partner Poor Permissions

🗓️ 12 Feb 2013 00:00:00Reported by Myo SoeType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 45 Views

Huawei Mobile Partner insecure permissions vulnerability allows local attacker to gain unauthorized privileges by replacing original application binary. No response from vendor

Code
`1. DESCRIPTION  
  
Huawei Mobile Partner application contains a flaw that may allow an  
attacker to gain access to unauthorized privileges. The issue is due  
to the application installing with insecure permissions. This allows a  
less privileged local attacker or compromised process to replace the  
original application binary with a malicious application which will be  
executed by a victim user or upon Mobile Partner application Windows  
service restart.  
  
  
2. BACKGROUND  
  
Mobile Partner is a built-in application in Huawei 3G USB modems that  
allow you to connect to the 3G mobile network for Internet access. It  
is widely used by many telcos round the world.  
  
  
3. VERSIONS AFFECTED  
  
Tested version: 23.007.09.00.203.  
  
  
4. PROOF-OF-CONCEPT/EXPLOIT  
  
//// Tested on Windows  
  
c:\>wmic service get pathname | find "Mobile Partner"  
C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe  
C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe  
  
c:\>accesschk -q "C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe"  
C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe  
RW Everyone  
RW BUILTIN\Users  
  
c:\>accesschk -q "C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe"  
C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe  
RW Everyone  
RW BUILTIN\Users  
  
c:\>accesschk -q "C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe"  
C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe  
RW Everyone  
RW BUILTIN\Users  
  
  
/// Tested on Mac  
  
YEHG:MacOS tester$ ls -Rl /Applications/Mobile\ Partner.app/ | grep  
rwxrwxrwx | grep "\(app\|mobilepartner\)"  
-rwxrwxrwx 1 root admin 82496 Oct 6 17:34 mobilepartner  
drwxrwxrwx 3 root admin 102 Oct 6 17:34 XStartScreen.app  
drwxrwxrwx 3 root admin 102 Oct 6 17:34 LiveUpd.app  
drwxrwxrwx 3 root admin 102 Oct 6 17:34 ouc.app  
  
  
5. SOLUTION  
  
The vendor has not responded to our security report for months.  
Workaround is to remove WRITE attribute permission on all Mobile  
Partner executable files for non-administrator and non-system  
accounts.  
  
  
6. VENDOR  
  
Huawei Technologies Co.,Ltd  
  
  
7. CREDIT  
  
Myo Soe, http://yehg.net, YGN Ethical Hacker Group, Myanmar.  
  
  
8. DISCLOSURE TIME-LINE  
  
2012-10-xx: Contacted the vendor through publicly mentioned emails and forums  
2013-02-11: No response  
2013-02-11: Vulnerability not fixed  
2013-02-11: Vulnerability disclosed  
  
  
9. REFERENCES  
  
Original Advisory URL:  
http://core.yehg.net/lab/pr0js/advisories/huawei_mobile_partner-insecure_permission  
  
#yehg [2013-02-11]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Feb 2013 00:00Current
0.2Low risk
Vulners AI Score0.2
huaweimobile partnerinsecure permissionslocal attackerunauthorized privilegesvendorno response
45