Public Huawei document I linked couple days ago mentioned factory diagnostics tool called " Huawei deviceLocker V0.1" that will grant access to root shell on router. I got curious on how this would actually work and came to conclusion it must be something extremely simple and insecure, it IS Huawei after all. Did some poking around /bin/web process I figured this out - it's all there in clear-text for anyone to read. And that admin password is in Huawei docs, not exactly secret either. In case you didn't realize there's no need for authentication to exploit this. Protip: Try to hide you backdoors a bit better next time.
Showing posts with the label Bad Idea
- Other Apps
You're supposed to be able to use "BBB-eMMC-flasher" images to flash new OS directly from SD card. For whatever reason this sometimes fails to work. People blame power supplies which probably is one reason but not this time. In my case when trying to use BBB-eMMC-flasher image BBB started flashing all four user leds in sync without ever even attempting to flash image to eMMC.