By kannthu
The "Huawei Router - Authentication Bypass" module is designed to detect a vulnerability in Huawei routers that allows for authentication bypass. This vulnerability is classified as critical and has a CVSS score of 10.0, indicating its severity. The module was authored by gy741.
If exploited, this vulnerability allows an attacker to bypass authentication on Huawei routers. The default password for these routers is the last 8 characters of the device's serial number, which can be easily obtained. Such access can lead to unauthorized configuration changes, data breaches, and potential compromise of the entire network.
The module works by sending an HTTP request to the router's API endpoint "/api/system/deviceinfo" and then matching the response against specific conditions. The request template is as follows:
GET /api/system/deviceinfo HTTP/1.1
Host: <Hostname>
Accept: application/json, text/javascript, */*; q=0.01
Referer:
The module's matching conditions include:
- The response status must be 200.
- The response body must contain the words "DeviceName", "SerialNumber", and "HardwareVersion".

If all the matching conditions are met, the module reports a vulnerability, indicating that the router is susceptible to authentication bypass.
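
The two matching conditions can be replayed offline against captured responses when triaging a finding. The Python below is an added example, not code from the module or from Vidoc; the sample responses are constructed with placeholder values, and the JSON key check is an extra triage step that assumes a genuine hit returns a JSON object, which the page does not state.

```python
import json

# Words the module requires in the response body (from the page).
REQUIRED_WORDS = ("DeviceName", "SerialNumber", "HardwareVersion")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    return int(parts[1]), body

def evaluate(raw):
    """Both matchers must hold: status 200 AND every required word present."""
    status, body = parse_response(raw)
    missing = [w for w in REQUIRED_WORDS if w not in body]
    matched = status == 200 and not missing
    # Triage step (assumption: a real hit is a JSON object): confirm the words
    # are top-level keys, not just text on some unrelated 200 page.
    confirmed = False
    if matched:
        try:
            doc = json.loads(body)
            confirmed = isinstance(doc, dict) and all(w in doc for w in REQUIRED_WORDS)
        except ValueError:
            pass  # substring match only; needs manual review
    return {"matched": matched, "missing": missing, "json_confirmed": confirmed}

# Constructed sample responses (placeholder values, not from a real device).
SAMPLES = {
    "exposed": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
               '{"DeviceName": "EXAMPLE", "SerialNumber": "SERIAL-PLACEHOLDER", '
               '"HardwareVersion": "VER-X"}',
    "login_page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                  "<html><title>Login</title></html>",
    "auth_required": "HTTP/1.1 401 Unauthorized\r\n\r\n"
                     '{"DeviceName": "", "SerialNumber": "", "HardwareVersion": ""}',
    "help_text": "HTTP/1.1 200 OK\r\n\r\n"
                 "Fields: DeviceName, SerialNumber, HardwareVersion",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
```

The "help_text" case shows why a word match alone can be a false positive: it satisfies both of the module's conditions but fails the JSON key check.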