Release date:
Updated on:
Affected Systems:
Huawei B153 3G/UMTS Router
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61616
Huawei B153 is a mobile access device.
The firmware version of the Huawei B153 3G/UMTS router is 6.11.405.03.111sp02 and supports the WPS Protocol to facilitate user connection.
By default, WPS programs are configured to accept wps pin authentication requests. If no PIN is configured, you can only use the router button for authentication. However, even if the PIN code is configured for Huawei B153 3G/UMTS, attackers can use a specially crafted WPS connection request to make the device complete the "External Registrar" handshake to obtain the current WPA2 passphrase.
<* Source: Robert Paleari (roberto.paleari@emaze.net)
Link: http://www.securityfocus.com/archive/1/527773
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Huawei
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.huaweidevice.com.eg/Product-Description/Mobile%20Access%20Devices-B153.php