An attacker could find any device, infect it and make it part of a botnet
A critical vulnerability present in a Huawei router widely used by Internet service providers in various parts of the Americas could allow a hacker to track a device and determine if it has default credentials all without the need to connect to the router, as reported by cybersecurity specialists from the International Institute of Cyber Security.
This vulnerability (CVE-2018-7900) is present in the router panel and allows the leaking of credential information, so a hacker can search for any device with tools such as ZoomEye or Shodan to find a list of devices with default credentials without the risk of falling into a honeypot and without using brute force attacks.
Ankit Anubhav, an expert in cybersecurity, mentioned about this vulnerability: “When you look at the HTML source code on the login page, fewer variables are declared. One of these variables contains a specific value that, when monitored, can help us deduce whether a router has its factory password. Subsequently, the attacker can integrate a list of vulnerable devices with Shodan, log in and perform multiple hacking activities,” the expert mentioned.
On the other hand, Huawei has reported that it is developing a solution for this vulnerability, also claims to be working with companies that use the compromised router model for the solution to be implemented in their networks.
The cybersecurity experts who discovered the vulnerability reported that no technical details will be published on this flaw, nor has the scope of the error been detailed, although Anubhav mentioned that, during this investigation, they found an “alarming amount” of affected routers.
This is the most recent incident of operator-level equipment flaws, a trend that has become problematic due to the potential scope of such vulnerabilities.“Exploiting vulnerabilities with such features could be much more favorable to hackers than attacking a vendor with only a few hundred infected devices,” the expert mentioned. Vulnerabilities such as CVE-2018-14847 (MikroTik) and CVE-2014-8361 have been widely exploited during this year and, one point they have in common, is the large number of devices that can be affected”, the expert concluded.