[SingCERT] Vulnerability in USB Internet Modems

Published on Wednesday, 04 September 2013 15:30

[ Summary ]

A vulnerability is discovered in the SMS parser of the dialler software bundled with USB Internet modems. The vulnerability allows an attacker to cause a denial of service (knocking a large number of users offline) to or cause memory corruption and executing arbitrary code.

Dialler software can be used to read/sent SMS through the USB Internet modems from the computer directly.


[ Affected Software ]

  • Dialler software bundled with Huawei USB Internet modems


[ Impact Analysis ]

Successful exploitation of the vulnerability could result in denial of service and code execution.


[ Solution/Workaround ]

  • Disable the SMS service on the USB Internet modem by providing it a bogus SMS centre number
  • Uninstall the provided dialler software if it’s not required


[ References ]

http://www.slideshare.net/RahulSasi2/fuzzing-usb-modems-rahusasi