Huawei b315s22 information leak Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2018-12-11 | Type: webapps | Platform: hardware
This exploit / vulnerability (Huawei b315s22 information leak) is for educational purposes only; if you use it, you do so at your own risk!
/config/dialup/config.xml
/config/global/config.xml
/config/global/net-type.xml
/config/lan/config.xml
/config/pcassistant/config.xml
/config/voice/config.xml
/config/wifi/configure.xml
## After discussion with Huawei: according to them, the consequence of this vulnerability is quite low, so they marked it as a non-vulnerability.
2. Unauthenticated valid token generation [CVE-2018-7921]
It was observed that an unauthenticated user can generate “SessionID” and “__RequestVerificationToken” by simply sending an HTTP GET request to “/api/webserver/SesTokInfo”.
Although these tokens might not give the user full access to the router, they can be used to access several restricted resources on the router.
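For monitoring, the sketch below flags successful requests to the token endpoint and to the configuration paths listed earlier when they come from hosts outside a management allowlist, and marks a configuration read that follows a token fetch from the same client. It is an added example, not part of the original advisory; the log format, the `ADMIN_HOSTS` allowlist, the 60-second window and the sample lines are assumptions constructed for illustration.

```python
# Added example. Assumed log format: "<epoch> <client> <method> <path> <status>".
TOKEN_ENDPOINT = "/api/webserver/SesTokInfo"
CONFIG_PATHS = {
    "/config/dialup/config.xml",
    "/config/global/config.xml",
    "/config/global/net-type.xml",
    "/config/lan/config.xml",
    "/config/pcassistant/config.xml",
    "/config/voice/config.xml",
    "/config/wifi/configure.xml",
}
ADMIN_HOSTS = {"192.168.8.10"}  # assumption: hosts allowed to manage the router
WINDOW = 60                     # assumption: seconds linking token fetch to a read

SAMPLE_LOG = """\
1543000000 192.168.8.10 GET /api/webserver/SesTokInfo 200
1543000005 192.168.8.10 GET /config/lan/config.xml 200
1543000100 192.168.8.57 GET /api/webserver/SesTokInfo 200
1543000112 192.168.8.57 GET /config/wifi/configure.xml?x=1 200
1543000300 192.168.8.99 GET /config/voice/config.xml 200
1543000400 192.168.8.57 GET /config/global/config.xml 404
1543000500 192.168.8.23 GET /index.html 200
garbage line
"""  # constructed sample, not captured traffic

def detect(log_text, admin_hosts=ADMIN_HOSTS, window=WINDOW):
    """Return alerts as (epoch, client, rule, path) tuples."""
    last_token = {}  # client -> epoch of its last successful token fetch
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, method, raw_path, status = parts
        ts = int(ts)
        path = raw_path.split("?", 1)[0]  # compare without the query string
        if client in admin_hosts or method != "GET" or status != "200":
            continue
        if path == TOKEN_ENDPOINT:
            last_token[client] = ts
            alerts.append((ts, client, "token-issued", path))
        elif path in CONFIG_PATHS:
            chained = client in last_token and ts - last_token[client] <= window
            rule = "token-then-config" if chained else "config-read"
            alerts.append((ts, client, rule, path))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```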
Vulnerabilities identified – 31/07/2018
Reported to Huawei – 31/07/2018
Huawei patched the vulnerability and issued a CVE – 31/08/2018
Public disclosure – 01/09/2018