Nmap Development mailing list archives
Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others
From: David Fifield <david () bamsoftware com>
Date: Thu, 24 May 2012 13:39:18 -0700
On Thu, May 24, 2012 at 03:28:12PM -0500, Paulino Calderon wrote:
On 22/05/2012 04:36 p.m., David Fifield wrote:On Thu, May 17, 2012 at 08:29:35PM -0500, Paulino Calderon wrote:On 17/05/2012 08:03 p.m., Paulino Calderon wrote:Hi list, Here is my NSE script for detecting and extracting information from vulnerable Huawei modems. I know that these modems are popular in México (Over 2 million devices here), Spain, Italy, Ecuador and other countries in south america but let me know if you know other ISPs using them. I also know Colombia have a lot of them but they have patched versions over there. This vulnerability was reported a long time ago but ISPs don't seem interested in fixing it any time soon.Here is the fixed version. UTF-8 characters got replaced somehow.I'm wondering if we should use Lua string escapes instead of literal UTF-8 bytes, to protect against someone using an editor in the future that changes the encoding. So in place of 'Modelo de módem:', use 'Modelo de m\195\179dem:'. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived athttp://seclists.org/nmap-dev/Yes. That's a great idea. My copy got damaged over a copy/paste from a Virtualbox machine. Here is the updated version that also sets the service's product information.
Thanks, looks good. Are there any suggestions about the script name? Maybe http-huawei-hg5xx-vuln? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 17)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 17)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Aleksandar Nikolic (May 17)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 18)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others David Fifield (May 18)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Aleksandar Nikolic (May 17)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others David Fifield (May 22)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 24)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others David Fifield (May 24)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 24)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 27)
- Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others Paulino Calderon (May 17)