Huawei HG532n Command Injection

Posted by deepcore on April 18, 2017 – 6:18 am

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router’s web interface has two kinds of logins, a “limited” user:user login given to all customers and an admin mode. The limited mode is used here to expose the router’s telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router’s limited “ATP command line tool” (served over telnet) can be upgraded to a root shell through an injection into the ATP’s hidden “ping” command.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Watchguard Firebox / XTM XXE Injection VirusChaser 8.0 Buffer Overflow »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Huawei HG532n Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL