Huawei Router - Authentication Bypass
ID: huawei-router-auth-bypass
Severity: critical
Author: gy741
Tags: auth-bypass,router,edb,huawei
Description
Section titled “Description”Huawei Routers are vulnerable to authentication bypass because the default password of this router is the last 8 characters of the device’s serial number which exist on the back of the device.
YAML Source
Section titled “YAML Source”id: huawei-router-auth-bypass
info: name: Huawei Router - Authentication Bypass author: gy741 severity: critical description: Huawei Routers are vulnerable to authentication bypass because the default password of this router is the last 8 characters of the device's serial number which exist on the back of the device. reference: - https://www.exploit-db.com/exploits/48310 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-288 metadata: max-request: 1 tags: auth-bypass,router,edb,huawei
http: - raw: - | GET /api/system/deviceinfo HTTP/1.1 Host: {{Hostname}} Accept: application/json, text/javascript, */*; q=0.01 Referer: {{BaseURL}}
matchers-condition: and matchers: - type: status status: - 200
- type: word words: - "DeviceName" - "SerialNumber" - "HardwareVersion" condition: and# digest: 490a0046304402207be2e4d91393289a4d00d0e4ba2066a524b69fec24a46aee4858847fc99225e40220210000d941cde5e208b36bc590ece87dbb81e933ef9defba4b929f0261a69c95:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/vulnerabilities/other/huawei-router-auth-bypass.yaml"