----------------------------------------------------------------------


  Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management

http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/


----------------------------------------------------------------------

TITLE:
Huawei HG520 Two Vulnerabilities

SECUNIA ADVISORY ID:
SA39491

VERIFY ADVISORY:
http://secunia.com/advisories/39491/

DESCRIPTION:
Two vulnerabilities have been reported in Huawei HG520, which can be
exploited by malicious people to disclose potentially sensitive
information and cause a DoS (Denial of Service).

1) An unspecified error in the handling of UDP packets can be
exploited to view the device configuration data (e.g. PPPoE
credentials used to access the ISP's network) via a specially crafted
packet sent to port 43690  .

2) The device does not properly restrict access to the
AutoRestart.html script. This can be exploited to reboot and reset
the device to the default configuration by accessing the script
directly.

SOLUTION:
Restrict access to the device to trusted hosts only (e.g. via network
access control lists).

PROVIDED AND/OR DISCOVERED BY:
hkm

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/12297
http://www.exploit-db.com/exploits/12298

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------