Researcher pinpoints significant vulnerabilities in Quanta routers
Researcher Pierre Kim found over 20 serious vulnerabilities in the firmware of several Quanta LTE and 4G routers.
Calling the technology “badly designed,” Kim said he found over 20 significant flaws in the firmware for Quanta's LTE QDH Router device, as well as its QDH, UNE, MOBILY and Yoomee 4G routers.
“At best, the vulnerabilities are due to incompetence; at worst it is a deliberate act of security sabotage from the vendor,” Kim wrote.
Vulnerabilities identified by Kim include the presence of backdoor accounts that can bypass HTTP authentication, a webinterface information leak that allows attackers to access sensitive data without authentication, and remote code execution (RCE) flaws in the ping API and traceroute API.