Huawei Mobile Hostpot remote root code execution by SMS (user-triggered)

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, xss, CVE-2013-2612, huawei

Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to two vulnerabilities in WebUI; an XSS and a command injection.
The combination of both allows an attacker (with a little help from the victim) to remotely execute code on the device with root privileges, by sending a specifically …


Continue reading

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, CVE-2013-2612, huawei

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
________________________________________________________________________
Summary:
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command
injection vulnerability in the Web UI.

Successful exploitation allows unauthenticated attackers to execute
arbitrary commands with root privileges.
________________________________________________________________________
Details …

Continue reading