Quote:A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them.

CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simply perform a ZoomEye or Shodan IoT search to find list of the devices having default passwords – no need for bruteforcing or running the risk of running into a generic honeypot.

“When someone has a look on the html source code of login page, few variables are declared. One of the variables contain a specific value. By monitoring this specific value, one can come to the conclusion that the device has the default password,” explained Ankit Anubhav, principal researcher at NewSky Security, in a posting on Wednesday. “The attacker can simply go to ZoomEye, find a list of devices, login, and do what they want with minimal hacking skills. As easy as that.”

Huawei has issued a fix and worked with its carrier customers to implement it across networks.