According to one Anonymous Coward, according to GIGAZINE, an IT news site, Huawei's ONU and wireless LAN router "EchoLife HG8045Q" lent to NURO Hikari subscribers has a vulnerability that allows elevation of authority (NURO Hikari). The administrator account to be used in is specified, the screen that should not be seen is completely visible & root authority can be taken — GIGAZINE). Two vulnerabilities are exploited in the reproduction procedure published by GIGAZINE. The first is the problem that the master account credentials are hard-coded (meh301 / HG8045Q: Pwning the Nuro issued Huawei HG8045Q) discovered by Dr. Alex Orsholits in September this year, and the second is edited by GIGAZINE. It is a problem of authority promotion caused by a flaw in the input value verification that the department (log1n_yi) independently discovered. A master account is a privileged account used by the ISP to change the settings of the ONU lent to the subscriber, and when logging in using the master account from the web management screen, there are various restrictions that are usually restricted. Functions are available. NURO Hikari's ONU is in demand for this kind of hack to disable the inseparable router function, Alex said from the dump dumped from NAND that the master account ID is "admin_iksyomuac13" and the password is hard. It was discovered that the coded string "iksyomuac13_admin_" was added with the four suffixes of the device-specific MAC address. Furthermore, if you use this to SSH login, you can execute specific commands in a shell called "WAP" that is unique to Huawei network devices. Even a master account can usually execute only a very limited number of commands, but as a result of log1n_yi's investigation of the shell script, "a large amount of strings" "" ""> | "" BusyBox you want to execute "after the ping command By entering "commands", he discovered that the commands implemented in BusyBox can be executed with root privileges. After reporting this vulnerability to the NURO Hikari provider, it was left unattended for about a month, and the fix schedule changed from "Yes" to "No". The reason seems to be that the SSH port on the WAN side of the device in question is closed, so it is not immediately unauthorized access from the outside. Conversely, caution may be needed if the network is open to visitors in places that are accessible from the inside, such as public or commercial facilities. GIGAZINE also mentioned that NURO Hikari does not have a bug bounty program, and concludes that "the weakness of the counter response to the vulnerability was conspicuous."
Link to the source
Read Srad's Comments | IT Section | Security | Bug Related Story: There is a suspicious backdoor on two Chinese brand routers, Wavlink and Jetstream. Abuse confirmed November 26, 2020 A hacking competition will be held in China. Vulnerabilities found in major OS, browsers, and virtual environments November 12, 2020 Sony and Kioxia apply for semiconductor export license to US authorities November 04, 2020 Observation that Huawei will withdraw from smartphone business 2020 September 16 Work from home increases and contracts for home lines increase.Many home routers are ready to use June 23, 2020