Vulnerabilities in Huawei Routers

Created: Aug 13, 2019 11:24:21 | Latest reply: Aug 13, 2019 12:03:24
Rewarded Hi-coins: 0 (problem resolved)

The security audit team found the vulnerabilities below in a Huawei router. Please suggest solutions for the requirements below on an urgent basis.

 

| Vulnerability Name | Suggested Solution | Remarks |
|---|---|---|
| SSH Server CBC Mode Ciphers Enabled | Contact the vendor or consult product documentation to disable CBC mode cipher encryption, and enable CTR or GCM cipher mode encryption. | Please suggest command line for given solution. |
| SSH Weak MAC Algorithms Enabled | Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms. | Please suggest command line for given solution. |
| SSL Version 2 and 3 Protocol Detection | Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.1 (with approved cipher suites) or higher instead. | Please suggest command line for given solution. |
| SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) | Disable SSLv3. Services that must support SSLv3 should enable the TLS Fallback SCSV mechanism until SSLv3 can be disabled. | Please suggest command line for given solution. |
| SSL Weak Cipher Suites Supported | Reconfigure the affected application, if possible, to avoid the use of weak ciphers. | Please suggest command line for given solution. |
| SSL Certificate Signed Using Weak Hashing Algorithm | Contact the Certificate Authority to have the certificate reissued. | Please suggest command line for given solution. |
| SSL Certificate Cannot Be Trusted | Purchase or generate a proper certificate for this service. | Please suggest command line for given solution. |
| SSL Self-Signed Certificate | Purchase or generate a proper certificate for this service. | Please suggest command line for given solution. |
| Web Server HTTP Header Internal IP Disclosure | Apply configuration suggested by vendor. | Please suggest command line for given solution. |
| SSL RC4 Cipher Suites Supported (Bar Mitzvah) | Reconfigure the affected application, if possible, to avoid use of RC4 ciphers. Consider using TLS 1.2 with AES-GCM suites subject to browser and web server support. | Please suggest command line for given solution. |
| SSH Protocol Version 1 Session Key Retrieval | Disable compatibility with version 1 of the protocol. | Please suggest command line for given solution. |
| SSL Version 2 and 3 Protocol Detection | Consult the application's documentation to disable SSL 2.0 and 3.0. Use TLS 1.1 (with approved cipher suites) or higher instead. | Please suggest command line for given solution. |
| IP Forwarding Enabled | Kindly disable IP forwarding | Please suggest command line for given solution. |
| Network Time Protocol (NTP) Mode 6 Scanner | Restrict NTP mode 6 queries. | Please suggest command line for given solution. |
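
Added example (not part of the original post and not Huawei code): a check for the three SSH findings in the table, which parses a server's identification string and SSH_MSG_KEXINIT payload as laid out in RFC 4253 and lists any CBC ciphers, MD5 or 96-bit MACs, and SSH-1 compatibility still on offer. The banner and payload are constructed samples, and the function names are illustrative.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload):
    """Parse a KEXINIT payload: message byte, 16-byte cookie, ten name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("truncated KEXINIT")
        text = payload[pos + 4:pos + 4 + n].decode("ascii")
        out[name] = text.split(",") if text else []
        pos += 4 + n
    return out

def audit(banner, payload):
    """Return the offered algorithms that match the SSH findings in the table."""
    algs = parse_kexinit(payload)
    ciphers = set(algs["enc_c2s"]) | set(algs["enc_s2c"])
    macs = set(algs["mac_c2s"]) | set(algs["mac_s2c"])
    proto = banner.split("-")[1] if banner.startswith("SSH-") else ""
    return {
        "cbc_ciphers": sorted(c for c in ciphers if "-cbc" in c),
        "weak_macs": sorted(m for m in macs if "md5" in m or "-96" in m),
        # A 1.x version, including "1.99", means SSH-1 is still accepted
        # (RFC 4253, section 5.1).
        "ssh1_enabled": proto.startswith("1."),
    }

def build_kexinit(lists):
    """Build a KEXINIT payload from ten name-list strings (for the sample)."""
    body = b"".join(struct.pack(">I", len(s)) + s.encode() for s in lists)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

# Constructed sample, not captured from any device.
SAMPLE_BANNER = "SSH-1.99-example"
SAMPLE = build_kexinit(["diffie-hellman-group14-sha1", "ssh-rsa",
    "aes128-ctr,aes128-cbc,3des-cbc", "aes128-ctr", "hmac-sha2-256,hmac-md5",
    "hmac-sha2-256,hmac-sha1-96", "none", "none", "", ""])
```

Running `audit` on the banner and KEXINIT recorded before and after a firmware or configuration change shows which of the SSH findings remain open.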

 

 



Featured Answers
chenhui Admin Created Aug 13, 2019 11:47:34

The version is too old; it's better to upgrade it to the latest version first. Some bugs may be fixed in the newest version.

All Answers
LuizPuppin MVE Created Aug 13, 2019 11:29:00

What model of routers? I didn't receive any information about series who I do support.
chenhui Admin Created Aug 13, 2019 11:32:40

@yogijain Hello,
what are the router model and firmware version?

yogijain MVE Created Aug 13, 2019 11:38:58

Posted by chenhui at 2019-08-13 08:32: @yogijain Hello, what are the router model and firmware version?
AR -151, version V2R5
yogijain MVE Created Aug 13, 2019 11:39:11

Posted by LuizPuppin at 2019-08-13 08:29: What model of routers? I didn't receive any information about series who I do support.
AR -151, version V2R5

LuizPuppin MVE Created Aug 13, 2019 12:03:24

OK, I don't have any client using AR routers, but I think that this version is already out of support. You need to upgrade to the newest version.