Researcher pinpoints significant vulnerabilities in Quanta routers

Researcher Pierre Kim found over 20 serious vulnerabilities in the firmware of several Quanta LTE and 4G routers.
Researcher Pierre Kim found over 20 serious vulnerabilities in the firmware of several Quanta LTE and 4G routers.

Routers from Taiwan-based electronic hardware manufacturer Quanta Computer are plagued with serious vulnerabilities, according to researcher Pierre Kim in his blog, A Slice of Kimchi.

Calling the technology “badly designed,” Kim said he found over 20 significant flaws in the firmware for Quanta's LTE QDH Router device, as well as its QDH, UNE, MOBILY and Yoomee 4G routers.

“At best, the vulnerabilities are due to incompetence; at worst it is a deliberate act of security sabotage from the vendor,” Kim wrote.

Vulnerabilities identified by Kim include the presence of backdoor accounts that can bypass HTTP authentication, a webinterface information leak that allows attackers to access sensitive data without authentication, and remote code execution (RCE) flaws in the ping API and traceroute API.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS