Router, Huawei, HG8245H, Vulnerability

Vulnerability Compilation on Huawei HG8245H Routers

Yo! Following my previous post about Modem Insecurity, I kept thinking really how vulnerable we are and started digging more about it. And I came across something, which at first I didn't really know about it being a find, so I kept researching. When I was like a bit more confident about it, I contacted Irshaad and Hackers.mu to tell them about it and they said yes, it is an issue! I said wait, maybe there's more and it was the case so I'll compile them all and post it here. Well hold your breath because I promise you that you'll just scroll through them and won't read it ;)

P.S I have nothing against MT; I mean the company itself. We just want Huawei to give us a firmware upgrade. Thanks!

Bftpd (Vulnerability List)

B-ftp-d, As the name suggests, it is related to ftp (File Transfer Protocol which is a protocol allowing transfer of file between a client and a server on a network) and the "d" in the end means daemon, implying that it runs in the background. Quoting from its official website, Bftpd is a small, easy-to-configure FTP server which is fast secure and quick to install and configure.

As it is, our Huawei routers happen to use Bftpd too.

If you go to System Tools > Open Source Software Notice, you will see it listed along with the version being used too.

bftpd-version-router

Yup and as you can see the version being used on our routers are 1.6.6. After doing some research I came across some vulnerabilities Bftpd had with its previous versions, that is before the latest version which it currently supports, version 4.6! Holy Shit! (At the time I'm writing this article).

The thing is that with version < 1.8, there are 2 main vulnerabilities but with the version which concerns us, i.e version 1.6 the vulnerability is with Buffer Overflow.

Software Vulnerability Version Router Version Latest Version
Btfpd CVE-2007-2051/
CVE-2007-2010
Less than 1.8 1.6.6 4.6

BusyBox (Vulnerability List)

Quoting from its official website, BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc.

BusyBox

The version being used on our Huawei routers is 1.18.4 while the latest stable version is 1.27.2!

Software Vulnerability Version Router Version Latest Version
BusyBox CVE-2016-2148/
CVE-2016-2147/
CVE-2014-9645/
CVE-2013-1813/
CVE-2011-5325/
CVE-2011-2716/
CVE-2006-1058/
Less than 1.25.0 1.18.4 1.27.2

CUPS (Vulnerability List)

CUPS is an open source printing system created by Apple Inc. for macOS and other UNIX-like OS. A device running CUPS is a host that receive print requests from clients devices, and redirects them to the appropriate printer.

CUPS

The version being used on our routers is 1.6.1 while the latest stable release is 2.2.5. There are a lot of vulnerabilities with versions < 2.0.

Software Vulnerability Version Router Version Latest Version
CUPS CVE-2015-1159/
CVE-2015-1158
Less than 2.0.3 1.6.1 2.2.5

DNSMASQ

Read my previous post for a little insight about it. Hackers.mu was the first one to raise this issue.

ez-ipupdate (Vulnerability List)

ez-ipupdate is a client for updating dynamic hostname parameters for some websites providing that service such as dyndns.org. It sends an update only when the IP address changes.

ez-ipupdate

The version our router happens to be using is 3.0.11b7 which is the latest stable version actually. However it happens that it has flaws!

Software Vulnerability Version Router Version Latest Version
ez-ipupdate CVE-2004-0980/
CVE-2003-0887
Less than 3.0.11b8 3.0.11b7 3.0.11b7

PolarSSL (Vulnerability List)

This one's funny because following this article it is dead! :D mbed TLS (Previously known as PolarSSL) is a library that allows developers include cryptographic and SSL/TLS capabilities in their code.

PolarSSL

The latest stable release is 2.6.0 while our router still supports the version 0.10.1 of the dead one! Holy Shit!

Moreover the dead version has quite an interesting amount of vulnerabilities :)

Software Vulnerability Version Router Version Latest Version
PolarSSL CVE-2015-8036/
CVE-2015-5291/
CVE-2015-1182/
CVE-2014-9744/
CVE-2014-8628/
CVE-2014-8627/
CVE-2014-4911/
CVE-2013-5915/
CVE-2013-5914/
CVE-2013-4623/
CVE-2013-1621/
CVE-2013-0169/
CVE-2011-1923
Less than 2.x PolarSSL 0.10.1 mbed TLS 2.6.0

ppp (Vulnerability List)

ppp, Point-to-Point Protocol provides a way to establish a network connection over a serial link. It even supports IPv4 and IPv6 and even protocols above them, TCP and UDP.

ppp

Our router happens to be using version 2.4.4 while the latest stable release of ppp is 2.4.7.

Software Vulnerability Version Router Version Latest Version
ppp CVE-2015-3310/
CVE-2014-3158/
CVE-2015-1182/
CVE-2006-2194
Less than 2.4.7 2.4.4 2.4.7

radvd (Vulnerability List)

radvd (Router Advertisement Daemon) comes into play when it comes to IPv6. It helps implementing link-local advertisements of IPv6 router addresses using Neighbour Discovery Protocol.

radvd

Our router seems to be using version 1.8 while the latest stable version is 2.17! Holy Shit! And you know the trend by now, that the version we are using got plenty of vulnerabilities :)

Software Vulnerability Version Router Version Latest Version
radvd CVE-2011-3605/
CVE-2011-3604/
CVE-2011-3603/
CVE-2011-3602/CVE-2011-3601
Less than 1.8.2 1.8 2.17

Samba (Vulnerability List)

Windows and UNIX comes from 2 different cultures and however great it would have been they can't coexist together. Samba provides a solution for that. Being a system that runs on UNIX, it can talk to Windows clients like a native. Windows users can access files or use services provided by a UNIX systems using Samba.

Samba

The Samba version our router is using is 3.0.37 which is very far from the latest stable release 4.6.7. Holy Shit! And version 3.0.37 has some issues which can cause a stir :)

Software Vulnerability Version Router Version Latest Version
Samba CVE-2012-1182/
CVE-2010-2063/
CVE-2013-4124/
CVE-2013-0213/
CVE-2013-0214/
CVE-2009-2948/
CVE-2009-2906/...
OK STOP STOP STOP!!! ITS TOO LONG DAMN! Click on the above link and see for yourselves please!

udhcp Server/Client

Following the extract from its official website, this package is no longer maintained and has been integrated into BusyBox (See Above).

FFmpeg (Vulnerability List)

This one is a popular package which debian uses when it comes to multimedia framework.

The latest version being used is 3.4 "Cantor" whereas the version being used on our routers is 0.15.13. HORY SIT!

This one breaks the record. Nope I won't mention them all here, serve yourselves!

SQLite (Vulnerability List)

I don't really have to introduce this one, do I? Ok to be brief it's one of the most popular SQL Database Engine used.

sqlite

While the latest stable release is 3.20.1, our router uses 3.6.18, and the list of vulnerabilites are too great with this one for me to list. Find them here.

Zlib (Vulnerability List)

Zlib is a data compression library used in UNIX systems.

zlib

The latest stable release is version 1.2.11 and the one our router uses is 1.2.3.

Software Vulnerability Version Router Version Latest Version
Zlib CVE-2016-9843/
CVE-2016-9842/
CVE-2016-9841/
CVE-2016-9840/
CVE-2005-2096/
CVE-2005-2096
Less than 1.2.8 1.2.3 1.2.11

LZMA SDK

An open source SDK which provides the appropriate tools for LZMA Compression (An algorithm used for lossless data compression).

lzma-1

While our router uses version 4.57, the latest stable release is 17.01. Sur.. Wait what? DAMN!

gcc (Vulnerability List)

gcc, GNU Compiler Collection, is a compiler developed for the GNU OS.

gcc

Our router version is 4.4.6 while the latest stable release is 7.2!

Software Vulnerability Version Router Version Latest Version
GCC CVE-2017-11671/
CVE-2015-5276
Less than 4.6 4.4 7.2

libpcap (Vulnerability List)

pcap (Packet Capture) consists of an API to capture network traffic for network monitoring.

libpcap

The version our router uses is 1.0.0 while the latest stable release is 1.8.1.

Software Vulnerability Version Router Version Latest Version
libpcap CVE-2010-3133/
CVE-2010-2995/
CVE-2010-2994/
CVE-2009-1266/
CVE-2009-1210/
CVE-2008-3146
Less than 1.2.10 1.0.0 1.8.1

squashfs (Vulnerability List)

Quoting from its official website, it is a read-only file system that lets you compress whole file systems or single directories, write them to other devices/partitions or to ordinary files, and then mount them directly (if a device) or using a loopback device (if it is a file).

squashfs

Surprisingly enough, the version our router uses is 4.2 which is the latest stable release! Holy Shit!

However there are some vulnerabilities with that version itself.

Software Vulnerability Version Router Version Latest Version
squashfs CVE-2012-4025/
CVE-2012-4024
4.2 4.2 4.2

Well compiling all...

Software Vulnerability Version Router Version Latest Version
Btfpd CVE-2007-2051/
CVE-2007-2010
Less than 1.8 1.6.6 4.6
BusyBox CVE-2016-2148/
CVE-2016-2147/
CVE-2014-9645/
CVE-2013-1813/
CVE-2011-5325/
CVE-2011-2716/
CVE-2006-1058/
Less than 1.25.0 1.18.4 1.27.2
CUPS CVE-2015-1159/
CVE-2015-1158
Less than 2.0.3 1.6.1 2.2.5
ez-ipupdate CVE-2004-0980/
CVE-2003-0887
Less than 3.0.11b8 3.0.11b7 3.0.11b7
PolarSSL CVE-2015-8036/
CVE-2015-5291/
CVE-2015-1182/
CVE-2014-9744/
CVE-2014-8628/
CVE-2014-8627/
CVE-2014-4911/
CVE-2013-5915/
CVE-2013-5914/
CVE-2013-4623/
CVE-2013-1621/
CVE-2013-0169/
CVE-2011-1923
Less than 2.x PolarSSL 0.10.1 mbed TLS 2.6.0
ppp CVE-2015-3310/
CVE-2014-3158/
CVE-2015-1182/
CVE-2006-2194
Less than 2.4.7 2.4.4 2.4.7
radvd CVE-2011-3605/
CVE-2011-3604/
CVE-2011-3603/
CVE-2011-3602/CVE-2011-3601
Less than 1.8.2 1.8 2.17
Samba CVE-2012-1182/
CVE-2010-2063/
CVE-2013-4124/
CVE-2013-0213/
CVE-2013-0214/
CVE-2009-2948/
CVE-2009-2906/...
Find the link above and check the list.
Zlib CVE-2016-9843/
CVE-2016-9842/
CVE-2016-9841/
CVE-2016-9840/
CVE-2005-2096/
CVE-2005-2096
Less than 1.2.8 1.2.3 1.2.11
GCC CVE-2017-11671/
CVE-2015-5276
Less than 4.6 4.4 7.2
libpcap CVE-2010-3133/
CVE-2010-2995/
CVE-2010-2994/
CVE-2009-1266/
CVE-2009-1210/
CVE-2008-3146
Less than 1.2.10 1.0.0 1.8.1
squashfs CVE-2012-4025/
CVE-2012-4024
4.2 4.2 4.2

This is pretty much the vulnerabilites present in our current Huawei routers at home. Do I need to be scared? Yes of course! But no worries, we're working on something. Stay posted we will let you know!

P.S Once again, I have nothing against MT; I mean the company itself. We just want Huawei to give us a firmware upgrade. Thanks!

Until then, cya!

Bilaal.

Author image

About Bilaal Abdel Hassan

Hey! I'm Bilaal. To be brief about me, I’m a humorist and love technologies. I’m always learning what’s new in this ever-changing world and like to talk about it with my fellow friends.
  • Mauritius