Nmap Development mailing list archives

Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others


From: Paulino Calderon <paulino () calderonpale com>
Date: Sun, 27 May 2012 14:20:41 -0500

On 24/05/2012 03:28 p.m., Paulino Calderon wrote:
On 22/05/2012 04:36 p.m., David Fifield wrote:
On Thu, May 17, 2012 at 08:29:35PM -0500, Paulino Calderon wrote:
On 17/05/2012 08:03 p.m., Paulino Calderon wrote:
Hi list,

Here is my NSE script for detecting and extracting information
from vulnerable Huawei modems. I know that these modems are
popular in México (over 2 million devices here), Spain, Italy,
Ecuador and other countries in South America, but let me know if
you know other ISPs using them. I also know Colombia has a lot of
them but they have patched versions over there. This vulnerability
was reported a long time ago but ISPs don't seem interested in
fixing it any time soon.
Here is the fixed version. UTF-8 characters got replaced somehow.
I'm wondering if we should use Lua string escapes instead of literal
UTF-8 bytes, to protect against someone using an editor in the future
that changes the encoding. So in place of
    'Modelo de módem:',
use
    'Modelo de m\195\179dem:'.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Yes. That's a great idea. My copy got damaged over a copy/paste from a VirtualBox machine. Here is the updated version that also sets the service's product information.
Cheers.



This was submitted as script "http-huawei-hg5xx-vuln.nse" in r28721.

Cheers.

--
Paulino Calderón Pale
Website: http://calderonpale.com
Twitter: http://twitter.com/calderpwn
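
The escaping suggestion quoted in this thread, as an added example that is not code from the thread or from the submitted script: it rewrites non-ASCII bytes as decimal escapes and shows why a re-encoded literal silently stops matching. The helper name, the sample response body and the `EXAMPLE-MODEL` value are constructed for illustration.

```lua
-- Added example; not part of http-huawei-hg5xx-vuln.nse.

-- Rewrite every byte >= 128 as a three-digit decimal escape so the source
-- file stays pure ASCII. Three digits are required: a shorter escape would
-- absorb a digit that happens to follow it in the string.
local function escape_non_ascii(s)
  return (s:gsub("[\128-\255]", function(c)
    return string.format("\\%03d", c:byte())
  end))
end

-- The label as a UTF-8 page serves it: "ó" is the two bytes 195, 179.
local utf8_label = "Modelo de m\195\179dem:"

-- The same label after an editor re-saved the script as Latin-1:
-- "ó" collapses to the single byte 243.
local latin1_label = "Modelo de m\243dem:"

-- Constructed UTF-8 response fragment (placeholder model value).
local body = "<td>Modelo de m\195\179dem:</td><td>EXAMPLE-MODEL</td>"

-- The escaped form is byte-for-byte the literal proposed in the thread.
assert(escape_non_ascii(utf8_label) == "Modelo de m\\195\\179dem:")

-- Plain (non-pattern) search: the UTF-8 label matches the response...
assert(body:find(utf8_label, 1, true) ~= nil)

-- ...while the re-encoded label never matches, so the script would report
-- nothing for a device that is in fact exposing the field.
assert(body:find(latin1_label, 1, true) == nil)

print(escape_non_ascii(utf8_label))
```

Because the failure mode is a missed match rather than an error, a check like this in a pre-commit step catches an encoding change before it turns into false negatives during a scan.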


