TITLE:
Huawei HG520 Two Vulnerabilities

SECUNIA ADVISORY ID:
SA39491

VERIFY ADVISORY:
http://secunia.com/advisories/39491/

DESCRIPTION:
Two vulnerabilities have been reported in Huawei HG520, which can be
exploited by malicious people to disclose potentially sensitive
information and cause a DoS (Denial of Service).

1) An unspecified error in the handling of UDP packets can be
exploited to view the device configuration data (e.g. PPPoE
credentials used to access the ISP's network) via a specially crafted
packet sent to port 43690.

2) The device does not properly restrict access to the
AutoRestart.html script. This can be exploited to reboot and reset
the device to the default configuration by accessing the script
directly.

SOLUTION:
Restrict access to the device to trusted hosts only (e.g. via network
access control lists).

PROVIDED AND/OR DISCOVERED BY:
hkm

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/12297
http://www.exploit-db.com/exploits/12298
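ADDED EXAMPLE (not part of the Secunia advisory):
One way to check that the access restriction from the SOLUTION section is holding: scan connection records for untrusted hosts reaching UDP port 43690 or the AutoRestart.html script. The log format, device address and trusted subnet are assumptions made for this example.

```python
import ipaddress

# Assumptions (not from the advisory): trusted subnet and device address.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
DEVICE_IP = "192.168.1.1"
CONFIG_UDP_PORT = 43690              # port named in the advisory
RESTART_SCRIPT = "autorestart.html"  # script named in the advisory (lowercased)

# Constructed sample records: "time src dst proto dport [http_path]"
SAMPLE_LOG = """\
2010-04-20T10:00:01 192.168.1.23 192.168.1.1 udp 43690
2010-04-20T10:00:05 203.0.113.7 192.168.1.1 udp 43690
2010-04-20T10:01:12 198.51.100.9 192.168.1.1 tcp 80 /AutoRestart.html
2010-04-20T10:02:30 192.168.1.40 192.168.1.1 tcp 80 /index.html
2010-04-20T10:03:00 203.0.113.7 192.168.1.1 udp 53
malformed line
2010-04-20T10:04:00 203.0.113.8 192.168.1.1 tcp 80 /autorestart.html?x=1
"""

def is_trusted(src):
    """True if src lies inside one of the trusted networks."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in TRUSTED_NETS)

def classify(line):
    """Return (reason, src) when an untrusted host touches an interface
    listed in the advisory; return None for everything else."""
    parts = line.split()
    if len(parts) < 5:
        return None                   # skip malformed records
    _, src, dst, proto, dport = parts[:5]
    path = parts[5] if len(parts) > 5 else ""
    try:
        if dst != DEVICE_IP or is_trusted(src):
            return None
        port = int(dport)
    except ValueError:
        return None                   # unparsable address or port
    if proto == "udp" and port == CONFIG_UDP_PORT:
        return ("udp-43690-config-disclosure", src)
    # Compare case-insensitively and ignore any query string.
    if proto == "tcp" and path.split("?")[0].lower().endswith("/" + RESTART_SCRIPT):
        return ("autorestart-script-access", src)
    return None

def scan(log_text):
    """Collect every flagged record from a block of log text."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]
```

Any hit means the access control list is not filtering that path to the device and should be reviewed.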