Fortinet Discovers Huawei Home Gateway Remote Code Execution Vulnerability
Fortinet's FortiGuard Labs has discovered an unauthenticated remote code execution vulnerability in some HG655 routers shipped by Huawei.
Huawei manufactures a series of network routers directly competing with Linksys and Asus routers.
A malicious user can forge a UPnP SOAP request that injects operating system commands, which are then executed on the device with higher privileges.
Solutions
FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:
Released Feb 27, 2018
Upgrade your router to version V100R001C02B023.
The normal usage scenario for the HG655m device is a home network. In such a deployment, attacks can only be launched through the local Ethernet interface, as the UPnP service port TCP/37215 listens by default on the LAN interface only.
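As an added example (not Fortinet's IPS signature and not code from this advisory), the following generic heuristic reviews captured SOAP requests sent to the UPnP port TCP/37215 and flags argument values containing shell metacharacters. The action and argument names, addresses and request bodies are constructed placeholders, since the advisory does not name the affected SOAP action.

```python
import re
import xml.etree.ElementTree as ET

UPNP_PORT = 37215  # UPnP service port named in the advisory
# Sequences a shell treats as command separators or substitutions.
SHELL_META = re.compile(r"[;|&`]|\$\(")

def suspicious_soap_args(body):
    """Return (element, value) pairs whose text contains shell metacharacters."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return [("<dtd>", "DTD not expected in SOAP")]  # refuse entity tricks
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return [("<unparseable>", body[:80])]  # malformed XML is worth a look
    hits = []
    for elem in root.iter():
        text = (elem.text or "").strip()
        if text and SHELL_META.search(text):
            hits.append((elem.tag.rsplit("}", 1)[-1], text))  # drop namespace
    return hits

def review(requests):
    """Flag requests to the UPnP port that carry suspicious argument values."""
    alerts = []
    for req in requests:
        if req["dst_port"] == UPNP_PORT:
            hits = suspicious_soap_args(req["body"])
            if hits:
                alerts.append((req["src"], hits))
    return alerts

# Constructed SOAP envelope; ExampleAction and ExampleArg are hypothetical names.
ENVELOPE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:ExampleAction xmlns:u="urn:example:service:Example:1">'
    "<ExampleArg>{}</ExampleArg></u:ExampleAction></s:Body></s:Envelope>"
)
# Constructed captures: a benign call, an injected value, unrelated traffic.
SAMPLES = [
    {"src": "192.168.1.20", "dst_port": 37215, "body": ENVELOPE.format("192.168.1.1")},
    {"src": "192.168.1.66", "dst_port": 37215, "body": ENVELOPE.format("x; echo injected")},
    {"src": "192.168.1.20", "dst_port": 80, "body": ENVELOPE.format("a; b")},
]

if __name__ == "__main__":
    for src, hits in review(SAMPLES):
        print(f"ALERT {src}: {hits}")
```

Legitimate arguments such as URLs with query strings contain `&`, so the pattern should be tuned against normal traffic before alerting on it.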
· Dec 20 2017 – FortiGuard Labs contacts the Huawei PSIRT Team by email
· Dec 21 2017 – The Huawei PSIRT Team replies that they have started their investigation
· Dec 22 2017 – The Huawei PSIRT gets the vulnerability fixed but needs more time to deploy the patch and protect their customers
· Dec 23 2017 – FortiGuard Labs agrees we can postpone the disclosure
· Jan 15 2018 – FortiGuard Labs requests updates on the disclosure timeline
· Jan 17 2018 – The Huawei PSIRT Team requested more time before publication
· Feb 02 2018 – The Huawei PSIRT Team confirmed the deployment is done and we can cooperate on the disclosure plan
· March 26 2018 – Coordinated vulnerability disclosure
This vulnerability was discovered by David Maciejak of Fortinet's FortiGuard Labs.