Zyxel, Huawei Issue Security Notice for Vulnerable WiMAX Routers

The firmware in WiMAX router models from multiple vendors includes a security flaw that allows a remote, unauthenticated attacker to change the login password and take full control of the network gateway. Zyxel and Huawei have confirmed the vulnerability in several products and offer suggestions to mitigate the risks.

WiMAX (Worldwide Interoperability for Microwave Access) is a wireless communication standard similar to LTE (Long-Term Evolution) but less popular today. Despite its decline, plenty of devices still provide web connectivity through this technology.

If the devices are reachable over the internet, hackers can discover them and use them to their benefit. A flaw of this kind can be exploited to modify the device’s settings so that it redirects connections to malicious websites, to spy on the traffic, or use it for other purposes, for example, as a proxy to carry out illegal activity. Up to 100,000 vulnerable WiMAX routers are exposed on the internet, according to researchers from Sec Consult, the security consultancy firm that discovered the authentication bypass defect.

In response to Sec Consult’s disclosure, Huawei has acknowledged the presence of the vulnerability in Huawei BM2022, Huawei HES-309M, Huawei HES-319M, Huawei HES-319M2W, Huawei HES-339M. The company said that it would not release a firmware update to mitigate the problem because all the models reached end of service stage in 2014. The suggestion to users is to upgrade to newer Huawei products.

Zyxel’s reaction has a different tone, as the vendor offers a temporary solution until it finds a permanent fix. The advice is to disable remote management of the router from the web. This does not eliminate the risk completely, but it reduces the chances that the device could be caught vulnerable via internet-wide scans. Zyxel offers a timeline for fixing the issue for each susceptible WiMAX router model (MAX218M, MAX218M1W, MAX218MW, MAX308M, MAX318M, MAX338M), the last deadline being July 21.

Sec Consult disclosed the information initially to Huawei, then worked with CERT Coordination Center to alert other vendors whose products are likely affected: GreenPacket, Mada and ZTE. Many users may not even know that their network gateway is vulnerable because they receive the hardware from the Internet Service Provider (ISP) through their contract; it is also called consumer premises equipment (CPE) and most of the times its functionality is basic.

Image credit: Pixabay

Add Comment

Your email address will not be published. Required fields are marked *