Fortinet Discovers Huawei Home Gateway Remote Code Execution Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an unauthenticated remote code execution vulnerability in some HG655 routers shipped by the company Huawei.
Huawei manufactures a series of network routers directly competing with Linksys and Asus routers.
A malicious user can forge an UPnP SOAP request that injects operating system commands that can be executed on the device with higher privileges.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:Huawei.HG655.Remote.Code.Execution
Released Feb 27, 2018
Upgrade your router to version V100R001C02B023.
Additional Information
The normal usage scenario of
HG655m device is to be used in a home network, in such deployment usage the attacks can only be launched through the local Ethernet interface as the UPnP service port TCP/37215 is listening by default on the LAN interface only.
Timeline
·     Â
Dec 20 2017 – FortiGuard Labs contacts the Huawei PSIRT Team by email
·     Â
Dec 21 2017 – The Huawei PSIRT Team replies that they have started
their investigation
·     Â
Dec 22 2017 – The Huawei PSIRT gets the vulnerability fixed but need
more time to deploy the patch and protect their customers
·     Â
Dec 23 2017 – FortiGuard Labs agrees we can postpone the disclosure
·     Â
Jan 15 2018 - FortiGuard Labs requests updates on the disclosure
timeline
·     Â
Jan 17 2018 - The Huawei PSIRT Team requested for more time before
publication
·     Â
Feb 02 2018 - The Huawei PSIRT Team confirmed the deployment is done
and we can cooperate on the disclosure plan
·     Â
March 26 2018 – Coordinated
vulnerability disclosure