[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Huawei EchoLife HG520 Remote Information Disclosure

Author
hkm
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11889
Category
remote exploits
Date add
19-04-2010
Platform
hardware
===================================================
Huawei EchoLife HG520 Remote Information Disclosure
===================================================

# Exploit Title: Huawei EchoLife HG520 Remote Information Disclosure
# Date: 2010-04-19
# Author: hkm
# Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660
# Firmware Versions: 3.10.18.7-1.0.7.0
#                    3.10.18.5-1.0.7.0
#                    3.10.18.4
# Software Versions: V100R001B120Telmex
#                    V100R001B121Telmex
# Exploit Download Link:
# http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
# http://www.exploit-db.com/sploits/HG520_udpinfo.tar.gz
 
 
By sending a specially crafted UDP packet you can remotely obtain the
following information: software and firmware versions, MAC, local and
remote IP, model and PPPoE credentials in clear text.
 
The files required to reproduce this vulnerability can be downloaded
from:
 
  http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
 
Requires Python, Scapy and Tcpdump. The way you run this program to test
a local modem is:
 
  ~# python udp520.py
 
For a remote modem:
 
  ~# python udp520.py <remoteIP>
 
 
* If you can't see the response packet, try using Wireshark.
* If "No module named all" error shows up, install scapy from source.



#  0day.today [2024-12-25]  #