Security researchers have discovered a code execution vulnerability in one of Huawei. LTE USB dongle..
Part of Huawei When you connect the Huawei LTE USB Stick E3372 to your computer, users can browse the Internet using the LTE network.
However Cyber security Trustwave has discovered that it is easy to exploit device vulnerabilities. In a blog post, Martin Rakhmanov, Trustwave’s Security Research Manager, explains that one of the installed files contains a vulnerability due to lack of proper access control settings.
Future detailed reports will look at how readers are using VPNs. Please let us know your opinion in the questionnaire below. It takes less than 60 seconds.
>> Click here to start the survey in a new window <
“All the malicious user needs to do is replace the file with their own code and wait for the legitimate user to start using the cellular data service through the Huawei device,” Rakhmanov said. I am.
Knock on the wrong door
According to Trustwave, this affected file runs automatically when the user plugs in the dongle. It is designed to launch your default web browser and point to the dongle’s device management interface.
However, Huawei does not set the proper permissions on the file. This allows an authenticated user on your computer to overwrite the file.
According to Rakhmanov, a malicious user only needs to replace the contents of the file with his malicious code. When the user plugs in the dongle, the malicious code is automatically executed.
Trustwave said Register For the past few months, we have been trying to bring Huawei’s attention to this issue without any progress. It turns out that I was reporting the problem to the wrong address.
In any case, Huawei immediately released a patch to fix the file permissions when notified through the appropriate channel.
Huawei fixes a serious LTE USB stick security flaw
Source link Huawei fixes a serious LTE USB stick security flaw