Routers made by China-based Huawei Technologies have very few modern security protections and easy-to-find vulnerabilities, two network-security experts stated at the Defcon hacking convention.
Huawei is one of the fastest-growing network and telecommunications equipment makers in the world. The vulnerabilities were discovered and presented by Felix Lindner and Gregor Kopf of the security firm Recurity Labs. They talks about three vulnerabilities demonstrated at the Defcon conference, which included a session hijack, a heap overflow, and a stack overflow, and the discussion of more than 10,000 calls in the firmware code that went to sprintf, an insecure function.
The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, he said. (The models are the Huawei AR18 and AR 29 series). With a known exploit, an attacker could get access to the systems, log in as administrator, change the admin passwords and reconfigure the systems, which would allow for interception of all the traffic running through the routers.
Both Lindner and Kopf have criticized Huawei for not having a security contact, as well as for its lack of security advisories for its products. Additionally, the researchers say firmware updates don't talk about bugs that may have been fixed.
A U.S.-based Huawei representative provided CNET with the following statement:
We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protect the network security of our customers and abides by industry standards and best practices in security risk and incident management. Huawei has established a robust response system to address product security gaps and vulnerabilities, working with our customers to immediately develop contingency plans for all identified security risks, and to resolve any incidents in the shortest possible time. In the interests of customer security, Huawei also calls on the industry to promptly report all product security risks to the solutions provider so that the vendor's CERT team can work with the relevant parties to develop a solution and roll-out schedule.