3 Italy firmware for u-12
Friday, March 28. 2014
I got a comment from Mr. nos_com71 about 3 Italy's firmware for u-12.
The download link is to Mediafire, which definitely is not my favorite place to pick up something I'd like to run on any of my computers. But if you think you can handle it, go for https://www.mediafire.com/?jut00ju7uov988z to get it.
A little bit of FMK-ing revealed that 3 Italy is using a classic V100R001C12SP104 (see the article about 3 Denmark's firmware with exactly the same version). The important thing is that he pointed out that the SSH passwords are stored unencrypted in /var/sshusers.cfg. My version does exactly the same.
So, those people who are able to use the exploit are able to find out what the SSH passwords are. A command like

    B593cmd.pl "cat /var/sshusers.cfg"

will give you an immediate answer, and a regular

    ssh admin@-the-IP-here- /bin/sh

will do the rest. As I previously stated, you need to know the admin password to the web console and have old enough firmware with the exploit in it to be able to do any of that.