Router, Dnsmasq, Insecurity

Modem Insecurity - Hackers.mu

Hey! Following Hackers.mu's podcast tonight, I thought of compiling some very basic things you can do to add a layer of security to your Huawei router at home.

The thing is that Google discovered a vulnerability related to Dnsmasq, and Hackers.mu noticed that it is found in the Huawei routers that all My.T users have at home! In addition, the firmware used on these routers is old.

Here is the extract from Google's Blog.

Users who have deployed the latest version of Dnsmasq (2.78) will be protected from the attacks discovered here.

Google-Blog

Note: RCE means Remote Code Execution. It means that someone can run any code they want on your router. Now let's multiply this by the number of routers in Mauritius.

And if you navigate to the System Tools > Open Source Software Notice of your router, you will notice the version being used on our routers.

dnsmasq-version

Logan introduced the topic but I missed it and came just about when Nitin started his demo.

Nitin demoed how Telnet is active by default on all those routers while SSH is off.

To be brief, Telnet allows someone to access a host remotely. While SSH does the same thing, it does so securely.

Using PuTTY, I tried to access my router using Telnet and it successfully logged in.

PuTTy-1

PuTTy-2

The default login and password in most cases are as follows:

Username: root
Password: admin

Router-Login

As mentioned here, please make it a must to change it.

Now let's log in to our router and see how we can change that.

  • Open up your web browser and type 192.168.100.1 in your address bar.

  • Once in, try to log in with the default username and password.

Router-Browser-Login

  • Navigate to Security > ONT Access Control Configuration.

ONT-Access-Control-Configuration

As you can see, the Telnet checkboxes are ticked whereas the SSH ones are not. So we will change that.

Tick-SSH

  • Click on Apply and let's test it.

Back to PuTTY, when I try to Telnet now, it fails.

Telnet-Failed

On the other hand, when we SSH, it works!

SSH-Works-1

SSH-Works-2

Congratulations. You have secured your router a little bit! Now roam a bit in the config files and ensure that you change the default password at all costs!
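A way to re-check the result of the steps above without PuTTY, as an added example (not code from this article or from Hackers.mu): it confirms that nothing answers on the Telnet port, that the SSH port returns an SSH identification string, and that a dnsmasq version read from the Open Source Software Notice is at least the 2.78 named in the Google extract. The function names, the standard ports 23 and 22, and the banner heuristic for Telnet are assumptions.

```python
import re
import socket

ROUTER = "192.168.100.1"   # router address used in the article
FIXED_DNSMASQ = (2, 78)    # release the Google extract names as protected

def classify(host, port, timeout=2.0):
    """Return 'closed', 'ssh', 'telnet' or 'unknown' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64)
            except OSError:
                return "unknown"       # open, but silent or reset
    except OSError:
        return "closed"                # refused, filtered or unreachable
    if banner.startswith(b"SSH-"):     # SSH identification string (RFC 4253)
        return "ssh"
    if banner[:1] == b"\xff":          # Telnet IAC negotiation byte (heuristic)
        return "telnet"
    return "unknown"

def dnsmasq_is_fixed(version):
    """True if a version string such as '2.78' is at or above 2.78."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised dnsmasq version: {version!r}")
    return (int(m.group(1)), int(m.group(2))) >= FIXED_DNSMASQ

def audit(host, dnsmasq_version, telnet_port=23, ssh_port=22):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    telnet = classify(host, telnet_port)
    if telnet != "closed":
        findings.append(f"port {telnet_port} is still reachable ({telnet})")
    ssh = classify(host, ssh_port)
    if ssh != "ssh":
        findings.append(f"port {ssh_port} does not answer as SSH ({ssh})")
    if not dnsmasq_is_fixed(dnsmasq_version):
        findings.append(f"dnsmasq {dnsmasq_version} is older than 2.78")
    return findings

if __name__ == "__main__":
    version = input("dnsmasq version shown in the notice page: ")
    for line in audit(ROUTER, version) or ["all checks passed"]:
        print(line)
```

A version number alone cannot show whether a vendor has backported fixes, so treat the dnsmasq check as a first indicator only.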

To change the password using SSH, the "set userpasswd" command is used, followed by the username whose password you want to change.

set-userpasswd

Enter your old password followed by your new one and you're done!

Next Codarren showed us the vulnerability he discovered.

wap-ps

Using the "wap ps" command, a list of all running processes is displayed, and the real surprise is that every single process is being run as root! (Notice how the UID is 0 for every process.)

List-of-Processes

And when we scroll down, we can notice how dnsmasq is being run as root too, which SHOULD NOT be the case.

dnsmasq-root

Some questions were raised among the participants and the thing is that we all need to contact Huawei for them to release a firmware update.

I hope this helps. Please note that I just detailed everything that Hackers.mu showed on his Podcast and the link can still be found below:

Special thanks to Logan for reviewing the article.

Do not waste time, secure your router now!

Until then, cya!


About Bilaal Abdel Hassan

Hey! I'm Bilaal. To be brief about me, I’m a humorist and love technologies. I’m always learning what’s new in this ever-changing world and like to talk about it with my fellow friends.
  • Mauritius