CVE vulnerability data indicates the existence of Directory Traversal Vulnerability in Huawei HG532 Routers. The vulnerability was first published on Nov 6, 2015 and was then updated on Nov 13, 2016. According to the data published there are about 6 models of Huawei routers that can be exposed to attacks inflicted on devices connected to the LAN network.

The model numbers of the Huawei routers that are vulnerable to the detected threat are WS550-10, WS318-10, HG532s, HG532n, HG532e and HG532. These models are basically Wi-Fi routers which are commonly used to connect devices like, tablets, smart phones, computers and TVs to each other for transferring files, streaming videos, and much more.

The pre-requisite to initiate the attack on a device connected to the Huawei router is that the attacker must have access to the network of the device. Once the attacker has access to the network on which the device is connected to, it then becomes possible to carry out a path traversal attack also known as a directory traversal attack. This kind of vulnerability exposes the arbitrary files and directories that are stored outside the root folder.

The attacker can exploit the vulnerability of the Huawei router by crafting an HTTP request sent to a specific TCP port 37215. This port has been detected to be the most vulnerable aspect of the Huawei router as it does not validate any of the data packets sent to it whatsoever. This port acts as a launch pad for the entire attack and to exploit the vulnerability the attacker just needs to launch the path traversal attack by requesting http://<target_IP>:37215/icon/../../../etc/inittab. This vulnerability allows the attacker to exploit the ''crack in the wall'' making it easy to access files/information that can be used to formulate further attacks.

Responding to the vulnerabilities exposed in specific router models, the Huawei Product Security Incident Response Team (PSIRT) have stated that even though the attacker might have access to the files they won’t be able to modify or delete the files as the system won’t allow them to do so. PSIRT has also confirmed that there is no malicious use of the vulnerability described in the CVE report.

Don’t leave yourself exposed. Find your vulnerabilities before cybercriminals do. Contact us for Vulnerability Assessment and Penetration Testing.

Date Published
March 22, 2017