DATAPUISTOKEMISTI

Public Huawei document I linked couple days ago mentioned factory diagnostics tool called  " Huawei deviceLocker V0.1" that will grant access to root shell on router. I got curious on how this would actually work and came to conclusion it must be something extremely simple and insecure, it IS Huawei after all. Did some poking around /bin/web process I figured this out - it's all there in clear-text for anyone to read. And that admin password is in Huawei docs, not exactly secret either. In case you didn't realize there's no need for authentication to exploit this. Protip: Try to hide you backdoors a bit better next time.

Perhaps you're fairly satisfied with Huawei stock firmware but would like to fix some security problems and remove spyware installed by factory. There's fairly easy way to do this.

Found this document on Huawei webpage you might be interested. It's in Microsoft Word .docx format. http://www.huawei.com/ecommunity/3msimage/download-10060827-10000297-9bca6ae8ffa54796a5245e6650b0e607.bin?type=bbs

Here's location of Huawei B593u TTL serial console. Settings are usual 115200 8N1.

There ain't many pictures showing innards of B593u around and even less ones with any details. This obviously needs to be fixed.

I think ethernet switch and wireless aren't supported by opensource drivers so even with OpenWrt booting on Huawei B593u-12 it's not much use. USB connected LTE module is not detected, my guess is that some GPIO needs to be toggled to enable it. PCA9555 GPIO expander would need some work too. Also 256MB NAND-flash is missing, only 16MB SPI flash is found.

CFE> boot -elf -tftp 192.168.1.100:openwrt-brcm47xx-mips74k-vmlinux.elf

Huawei B593 has "few" security issues. If you want to play around here's some tips.