Huawei products riddled with backdoors, zero days and critical vulnerabilities

June 26, 2019
  • 29 percent of all devices tested had at least one default username and password stored in the firmware.
  • 76 instances of firmware where the device was, by default, configured such that a root user with a hard-coded password could log in over the SSH protocol, providing for default backdoor access.
  • Eight different firmware images were found to have pre-computed authorized_keys hard coded into the firmware.
  • 424 different firmware images contained hardcoded private SSH keys
prestitial ad