Huawei Mobile Hostpot remote root code execution by SMS (user-triggered)

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, xss, CVE-2013-2612, huawei

Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to two vulnerabilities in WebUI; an XSS and a command injection.
The combination of both allows an attacker (with a little help from the victim) to remotely execute code on the device with root privileges, by sending a specifically …

Continue reading