Menu
Flaws in Huawei WiMax routers won't be fixed, researcher says

Flaws in Huawei WiMax routers won't be fixed, researcher says

The routers in question are still used in several countries

Huawei isn't planning on patching several flaws in seven models of WiMax routers that are not being supported anymore by the company, according to a security researcher.

Pierre Kim published a list of the affected models, which are still used in countries including Ivory Coast, Iran, Iraq, Libya, the Philippines, Bahrain and Ukraine.

Kim notified Huawei of the problem on Oct. 28. He wrote that Huawei said the routers are no longer serviced by the company and would not be patched.

The routers include the EchoLife BM626 WiMax CPE and associated models running the same firmware including the BM626e, BM635, BM632, BM631a, BM632w and the BM652.

Router vulnerabilities that aren't patched pose continuing risks for users who still use them. The devices are typically something that consumers replace because of a failure, rather than on account of security vulnerabilities.

Kim tested the last firmware version available for the routers, which was released in 2013. He found problems including unauthenticated information disclosure, a cookie hijacking risk and cross-site request forgery flaws.

Kim said via email that it is difficult to estimate the number of vulnerable routers that are still in use. Since the routers are provided and configured by an ISP, there are no workarounds that can be applied by users.

"The only solution is to discard the unsupported models," he said.

Huawei officials couldn't be immediately reached for comment.

Last month, Kim found severe software vulnerabilities in more than a dozen of Huawei's 3G routers that are now out of support.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments