Remote code exec hijack hole found in Huawei 4G USB modems

Positive Technologies researchers Timur Yunusov and Kirill Nesterov have found since-patched remote execution and denial of service vulnerabilities in a popular Huawei 4G USB modem that can allow attackers to hijack connected computers.

The Huawei E3272 USB modem sells from about US$120 on Amazon.

Researchers say the vulnerabilities are exploitable through malicious packets sent to the device's gateway, and thanks to cross-site scripting (XSS) and stack overflow holes.

"By exploiting detected flaws, an intruder can gain rights on a remote modem, take control over the computer connected to the vulnerable modem, and obtain access to the subscriber's account in the mobile operator's portal," the researchers say.

"Moreover, attacks on SIM cards via binary SMS messages allow an attacker to intercept and decrypt a subscriber's traffic, track his or her location, and block the SIM card.

The work reported this month and patched August came from the "large-scale research" on six 4G USB modems running 30 firmware variants.

Huawei says in a notice that a denial of service attack can be triggered through malicious packets sent to the Common Gateway Interface of Huawei devices.

The research team has wrecked 4G modems before. In November it revealed massive holes allowing hackers to send SMS to 4G modems and gain a beachhead on connected machines.

That attack included the possibility of targeting computers on European trains through track switching mechanisms. ®