Huawei EchoLife HG520 – Remote Information Disclosure

• Exploit Database
• 15 阅读

• 作者： hkm
  日期： 2010-04-19
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/12298/

• # Exploit Title: Huawei EchoLife HG520 Remote Information Disclosure
  # Date: 2010-04-19
  # Author: hkm
  # Product Link: http://www.huawei.com/mobileweb/en/products/view.do?id=660
  # Firmware Versions: 3.10.18.7-1.0.7.0
  #3.10.18.5-1.0.7.0
  #3.10.18.4
  # Software Versions: V100R001B120Telmex
  #V100R001B121Telmex
  # Exploit Download Link:
  # http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
  # https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33869.tar.gz (HG520_udpinfo.tar.gz)
  
  
  By sending a specially crafted UDP packet you can remotely obtain the
  following information: software and firmware versions, MAC, local and
  remote IP, model and PPPoE credentials in clear text.
  
  The files required to reproduce this vulnerability can be downloaded
  from:
  
  http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
  
  Requires Python, Scapy and Tcpdump. The way you run this program to test
  a local modem is:
  
  ~# python udp520.py
  
  For a remote modem:
  
  ~# python udp520.py <remoteIP>
  
  
  * If you can't see the response packet, try using Wireshark.
  * If "No module named all" error shows up, install scapy from source.
  
  
  hkm
  
  hkm@hakim.ws
  
  
   [ Comunidad Underground de Mexico - http://www.underground.org.mx ]