Thousands of Huawei routers are exposed to cyberattacks

In the year 2013, an Internet service provider warned Huawei about a security vulnerability in all of its domestic use routers. According to ethical hacking training experts from the IICS, the Chinese company updated only two of the models that used the compromised firmware.

Currently, Huawei devices are still being used by thousands of consumers and remain vulnerable; many were even compromised by the operators of the gigantic botnet Mirai, who exploited the same vulnerability reported to the company years ago.

According to the ethical hacking training experts, the vulnerability report received by Huawei in 2013 explains how a threat actor could have exploited a firmware programming error of the HG523a and HG533 gateways to hijack the compromised devices.

The Chinese company claimed that the vulnerability had already been patched, and also mentioned that all vulnerable devices would be patched. However, other entry doors used by other Internet service providers began to present the same fault; many of the compromised developments remain vulnerable to date.

According to case reports, this is easily exploitable remote code execution vulnerability.

Ethical hacking training experts have analyzed the firmware of Huawei’s domestic access point, discovering code blocks reused in multiple devices. The situation is that the company has decided to patch each compromised router, one by one, instead of implementing a general fix for all affected devices.

This situation becomes even more complicated because there are already reports of threat actors exploiting this vulnerability. The hijacking of domestic routers to integrate them into the botnet Mirai is a clear example of this exploitation campaign.

Even four years before Huawei received the report of this vulnerability, a cybersecurity firm discovered the same flaw present in another router model, thanks to an independent investigation.

The company publicly acknowledged the vulnerability until November 2017, suggesting that users might take temporary mitigation measures or replace previous model routers with updated versions.

A few months ago, a researcher discovered that Huawei’s vulnerable routers were being used to house a botnet composed of more than 18000 devices committed to a malware variant of the Mirai botnet. According to the expert, this botnet would not have existed if Huawei had launched a firmware correction for all its devices.