Huawei Ar Firmware V200r001 Remote Code Execution Vulnerability
13 Jan. 2017
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm.
Some Huawei products have two security vulnerabilities caused by improper encryption mechanisms.
Users can select reversible or irreversible encryption algorithms to encrypt passwords. If a reversible encryption algorithm is used to encrypt the password of an administrator account, an attacker can obtain the administrator right and crack the encryption algorithm.