Published on Wednesday, 04 September 2013 15:30
[ Summary ]
A vulnerability is discovered in the SMS parser of the dialler software bundled with USB Internet modems. The vulnerability allows an attacker to cause a denial of service (knocking a large number of users offline) to or cause memory corruption and executing arbitrary code.
Dialler software can be used to read/sent SMS through the USB Internet modems from the computer directly.
[ Affected Software ]
- Dialler software bundled with Huawei USB Internet modems
[ Impact Analysis ]
Successful exploitation of the vulnerability could result in denial of service and code execution.
[ Solution/Workaround ]
- Disable the SMS service on the USB Internet modem by providing it a bogus SMS centre number
- Uninstall the provided dialler software if it’s not required
[ References ]