Secunia Security Advisory - Ivan Markovic has reported some vulnerabilities in Huawei HG510, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.
21d49a0a862c57cdcab2b01b68c95a2d59fe06c151a5579889e4a32ee30e738b
----------------------------------------------------------------------
Public Beta of CSI and WSUS Integration
http://secunia.com/blog/74
----------------------------------------------------------------------
TITLE:
Huawei HG510 Security Bypass and Cross-Site Request Forgery
Vulnerabilities
SECUNIA ADVISORY ID:
SA38591
VERIFY ADVISORY:
http://secunia.com/advisories/38591/
DESCRIPTION:
Ivan Markovic has reported some vulnerabilities in Huawei HG510,
which can be exploited by malicious people to bypass certain security
restrictions and conduct cross-site request forgery attacks.
1) The device allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. reboot the device or change
certain settings (including passwords).
2) The device does not properly restrict access to the rebootinfo.cgi
script. This can be exploited to reboot the device by accessing the
script directly.
Note: This can also be exploited via cross-site request forgery
attacks (see vulnerability #1).
SOLUTION:
Restrict access to the device. Do not browse untrusted websites or
follow untrusted links while logged in to the device.
PROVIDED AND/OR DISCOVERED BY:
Ivan Markovic, Network Security Solutions
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-02/0155.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------