Compliance Management, Patch/Configuration Management, Privacy, Vulnerability Management

Huawei won’t fix vulnerable WiMax routers

Anyone with an older Huawei WiMax router should consider throwing it out and replacing it with a newer model that doesn't suffer from the same flaws as earlier models, or at least that's what the Chinese telecommunications equipment manufacturer said when it confirmed that it won't be offering fixes for the BM635, BM632, BM631a, BM632w and BM652 versions of the router.

A South Korean security researcher had published an advisory disclosing the vulnerabilities Tuesday prompting Huawei to confirm “that the products mentioned in the report have reached End of Service.” 

In the advisory, Pierre Kim noted that the Huawei BM626e Wimax router/access point that he tested sported an “overall badly designed with a lot of vulnerabilities,” which if exploited could lead to the disclosure of device information without authentication or the hijacking of admin session cookies.

“By default, the webpage https://192.168.1.1/check.html contains important information (wimax configuration, network configuration, wifi and sip configuration ...) and is reachable without authentication” but is “easily defeated,” Kim wrote.

After Kim notified the company of the vulnerabilities, Huawei said in a security notice that it “immediately started investigation and analysis and confirmed that the products mentioned in the report have reached End of Service (EOS).”  The company explained it “has established a lifecycle management system and clarifies the product lifecycle strategy and product termination strategy, implementing lifecycle management in accordance with industry practices.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.