Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NSE: Credential disclosure in modems Huawei HG510, HG520x, HG530 and possibly others
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 May 2012 14:36:04 -0700

On Thu, May 17, 2012 at 08:29:35PM -0500, Paulino Calderon wrote:
On 17/05/2012 08:03 p.m., Paulino Calderon wrote:
Hi list,

Here is my NSE script for detecting and extracting information
from vulnerable Huawei modems. I know that these modems are
popular in México (Over 2 million devices here), Spain, Italy,
Ecuador and other countries in south america but let me know if
you know other ISPs using them. I also know Colombia have a lot of
them but they have patched versions over there. This vulnerability
was reported a long time ago but ISPs don't seem interested in
fixing it any time soon.

Here is the fixed version. UTF-8 characters got replaced somehow.

I'm wondering if we should use Lua string escapes instead of literal
UTF-8 bytes, to protect against someone using an editor in the future
that changes the encoding. So in place of
        'Modelo de módem:',
        'Modelo de m\195\179dem:'.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]