Huawei HG532n Command Injection

Disclosed: 2017-04-15
Created: 2018-05-30

Description

This module exploits a command injection vulnerability in the Huawei
HG532n routers provided by TE-Data Egypt, leading to a root shell.

The router's web interface has two kinds of logins, a "limited" user:user
login given to all customers and an admin mode. The limited mode is used
here to expose the router's telnet port to the outside world through NAT
port-forwarding.

With telnet now remotely accessible, the router's limited "ATP command
line tool" (served over telnet) can be upgraded to a root shell through
an injection into the ATP's hidden "ping" command.

Author

Ahmed S. Darwish <darwish.07@gmail.com>

Platform

Linux

Architectures

mipsbe

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/linux/http/huawei_hg532n_cmdinject
msf exploit(huawei_hg532n_cmdinject) > show targets
...targets...
msf exploit(huawei_hg532n_cmdinject) > set TARGET <target-id>
msf exploit(huawei_hg532n_cmdinject) > show options
...show and set options...
msf exploit(huawei_hg532n_cmdinject) > exploit