Huawei HG659 - Misfortune Cookie exploit

Forums › One NZ (including Farmside) › Huawei HG659 - Misfortune Cookie exploit

pdh

441 posts

Ultimate Geek
+1 received by user: 289

#160031 21-Dec-2014 02:04

Should we Vodafone customers using the Huawei HG659 router be worried about exploits targeting a weakness in some versions of Router software ? I have an HG659 on my Vodafone fiber connection.

I believe that Vodafone makes use of a remote management protocol (they have remotely changed settings on mine) - and possibly the protocol (called TR-069 ?) that may expose the flawed code (RomPager) allowing remote attack.

I have googled for any hard info - to see if I would want to shut off that protocol (at least temporarily) - but I don't find anything.

Anyone know if there's a real risk (with this model) ?

Spaghetti

23 posts

Geek
+1 received by user: 5

#1201747 22-Dec-2014 09:14

According to the Checkpoint press release about it, "Huawei - Home Gateway" is specified as vulnerable. It's not very specific on the model though. I would err on the side of caution on this.

http://mis.fortunecook.ie/misfortune-cookie-suspected-vulnerable.pdf

pdh

441 posts

Ultimate Geek
+1 received by user: 289

#1201904 22-Dec-2014 11:25

Yeah, I saw that 'Home Gateway' reference and wondered... but I believe that we have seen at least two generations of Huawei routers distributed (as an ISP standard product) here in NZ - and presumably many more throughout the rest of the world. So I thought it rather inconclusive as a threat alert for the HG-659..

I have skimmed through the set-up menus on the HG-659 and I didn't come across any reference to enabling/disabling the Remote Access. I may have missed it - or it may be on a 'secret handshake' page of settings.

There doesn't seem to be much follow-up chatter about this 'Misfortune Cookie' threat - all the stories simply parrot the same initial 'release'. Bit surprising.

Andib

1395 posts

Uber Geek
+1 received by user: 974

ID Verified

Trusted

#1201923 22-Dec-2014 11:38

pdh: Yeah, I saw that 'Home Gateway' reference and wondered... but I believe that we have seen at least two generations of Huawei routers distributed (as an ISP standard product) here in NZ - and presumably many more throughout the rest of the world. So I thought it rather inconclusive as a threat alert for the HG-659..

I have skimmed through the set-up menus on the HG-659 and I didn't come across any reference to enabling/disabling the Remote Access. I may have missed it - or it may be on a 'secret handshake' page of settings.

There doesn't seem to be much follow-up chatter about this 'Misfortune Cookie' threat - all the stories simply parrot the same initial 'release'. Bit surprising.

Are you logged in as an admin?

If you have the HG659a (Vodafone one) the login is 'Admin' / VF-NZhg659

I can't remember exactly where it is but there are two options to disable remote access. Both Tr-069 and 'Remote Access'

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

pdh

441 posts

Ultimate Geek
+1 received by user: 289

#1201976 22-Dec-2014 12:44

Thanks

Have disabled Remote Access.

I will look at this again in the New Year - as I guess there is some merit in allowing Vodafone to update the HG-659 if they need to... although I prefer the model of being alerted to the need & doing an upgrade myself.