If you have a Huawei HG532 router in your environment, you will have to monitor traffic to port 37215 for attempts to exploit a remote code execution vulnerability.
Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Mirai Okiru, also known as Satori. Okiru/Satori was first identified by Check Point researchers on November 23. Leading up to the discovery, researchers said they had observed a flurry of attacks worldwide against Huawei HG532 devices, with the U.S., Italy, Germany and Egypt hit the hardest.
Huawei issued an updated security notice to customers warning of the vulnerability (CVE-2017-17215). It told customers the flaw allows a remote adversary to send malicious packets to port 37215 to execute remote code on vulnerable routers.
On November 27, 2017, Huawei received a notification about a possible remote code execution vulnerability (CVE-2017-17215) in the Huawei HG532 from the Check Point Software Technologies Research Department, which also released security advisory CPAI-2017-1016 but did not publish detailed vulnerability information. Huawei immediately launched an investigation and has now confirmed that the vulnerability exists. An authenticated attacker could send malicious packets to port 37215 to launch attacks. A successful exploit could lead to the remote execution of arbitrary code.
Customers can take the following measures to circumvent or prevent the exploit of this vulnerability.
(1) Configure the built-in firewall function.
(2) Change the default password.
(3) Deploy a firewall at the carrier side.
(4) Keep a constant watch on this traffic for signs of a successful attack.
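
One way to carry out measure (4), as an added example that is not part of Huawei's notice or Check Point's advisory: the script below reads firewall log lines and counts, per source address, the connections aimed at port 37215. It assumes logs in the netfilter LOG key=value layout and a LAN of 192.168.1.0/24; the sample lines and all addresses are constructed. Reporting internal hosts that reach out to port 37215 is an added assumption, based on the malware spreading from compromised devices.

```python
import ipaddress
import re
from collections import Counter

WATCH_PORT = 37215  # port named in the Huawei notice for CVE-2017-17215
# Assumption: the LAN behind the router; change to match your addressing.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
Dec  1 10:00:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 PROTO=TCP SPT=40112 DPT=37215
Dec  1 10:00:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 PROTO=TCP SPT=40113 DPT=37215
Dec  1 10:00:05 gw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.1 PROTO=TCP SPT=51000 DPT=37215
Dec  1 10:00:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.1 PROTO=TCP SPT=40114 DPT=443
Dec  1 10:01:30 gw kernel: IN=br0 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.99 PROTO=TCP SPT=33001 DPT=37215
Dec  1 10:01:31 gw kernel: eth0: link up
"""

FIELD_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def parse_line(line):
    """Return (src, dst, dport) or None for lines without usable fields."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                int(fields["DPT"]))
    except (KeyError, ValueError):
        return None  # unrelated or malformed log line

def scan(log_text):
    """Count hits on WATCH_PORT per source, split by direction."""
    inbound, outbound = Counter(), Counter()
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None or record[2] != WATCH_PORT:
            continue
        src, dst, _ = record
        if src not in INTERNAL_NET and dst in INTERNAL_NET:
            inbound[str(src)] += 1    # outside host probing the LAN
        elif src in INTERNAL_NET and dst not in INTERNAL_NET:
            outbound[str(src)] += 1   # LAN host contacting the port elsewhere
    return inbound, outbound

if __name__ == "__main__":
    hits_in, hits_out = scan(SAMPLE_LOG)
    for label, hits in (("inbound", hits_in), ("outbound", hits_out)):
        for addr, count in hits.most_common():
            print(f"{label:8} {addr:15} {count} connection(s) to port {WATCH_PORT}")
```

Inbound hits show who is probing the router; an outbound hit from a LAN address is the one to investigate first, since a home device has no ordinary reason to contact that port on other networks.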