Published: 20/03/2018 Updated: 19/04/2018
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 657
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Vulnerability Trend

Affected Products

Vendor Product Versions
HuaweiHg532 Firmware-


import threading, sys, time, random, socket, re, os, struct, array, requests from requestsauth import HTTPDigestAuth ips = open(sysargv[1], "r")readlines() cmd = "" # Your MIPS (SSHD) rm = "<?xml version=\"10\" ?>\n <s:Envelope xmlns:s=\"schemasxmlsoaporg/soap/envelope/\" s:encodingStyle=\"schemasxmlsoaporg/soap/en ...

Github Repositories

CVE-2017-17215 Usage: CVE-2017-12149py targetip:37215/ I am so poor that cant afford to but a HUAWEI router XD so it is not tested on any machine~ but the exp technically should be working I found this report blognewskysecuritycom/huawei-router-exploit-involved-in-satori-and-brickerbot-given-away-for-free-on-christmas-by-ac52fe5e4516 the payload was released 2

MiraiSecurity Mirai wwwcdxyme/?p=746 wwwfreebufcom/articles/network/119403html pastebincom/svH8tvd9 wwwfreebufcom/sectool/130091html wwwtuicoolcom/articles/qM7rMnb h4ckth4tsh1tcom/indexphp?u=/topic/18/ggsetup-a-mirai-botnet githubcom/rootblack45/Mirai-Source-Modded githubcom/Screamfox/-Mirai-Iot-BotNet

GreyNoise Intelligence Alpha API Summary: GreyNoise is a system that collects and analyzes data on Internet-wide scanners GreyNoise collects data on benign scanners such as Shodanio, as well as malicious actors like SSH and telnet worms The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions URL: https:

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

No description, website, or topics provided.

Recent Articles

Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant
Threatpost • Lindsey O'Donnell • 31 Oct 2019

A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide.
The newly-discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine developed by Valve Corp. that runs popular games such as ​Half-Life and ​Team Fortress 2. Other gaming servers have also been targeted by the botnet, such as those hosting widely-played game...

New Mirai Samples Grow the Number of Processors Targets
Threatpost • Lindsey O'Donnell • 08 Apr 2019

New samples of the Mirai malware have been identified, targeting an array of embedded processors and architectures within connected devices.
Researchers said that they discovered new Mirai samples in February 2019, capable of infecting IoT devices running Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. Variants of Mirai have previously targeted CPU architectures like ARM and x86.
While it’s not the first time Mirai’s targeting of new processor archit...

Huawei bungled router security, leaving kit open to botnets, despite alert from ISP years prior
The Register • Gareth Corfield • 28 Mar 2019

Chinese kit slinger was told of UPnP flaw in 2013, didn't do too much about it

Exclusive Huawei bungled its response to warnings from an ISP's code review team about a security vulnerability common across its home routers – patching only a subset of the devices rather than all of its products that used the flawed firmware.
Years later, those unpatched Huawei gateways, still vulnerable and still in use by broadband subscribers around the world, were caught up in a Mirai-variant botnet that exploited the very same hole flagged up earlier by the ISP's review team.

Router Crapfest: Malware Author Builds 18,000-Strong Botnet in a Day
BleepingComputer • Catalin Cimpanu • 19 Jul 2018

A malware author has built a huge botnet comprised of over 18,000 routers in the span of only one day.
This new botnet has been spotted yesterday by security researchers from NewSky Security, and their findings have been confirmed today by Qihoo 360 Netlab, Rapid7, and Greynoise.
The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215.
Scans for this vulnerability, which can be exploited via port 37215, started yesterday mornin...

New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds
BleepingComputer • Catalin Cimpanu • 02 May 2018

An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
The tool, named getDVR_Credentials, is a proof-of-concept for CVE-2018-9995, a vulnerability discovered by Fernandez at the start of last month.
Fernandez discovered that by accessing  the  control panel of sp...

New JenX IoT DDoS Botnet Offered Part of Gaming Server Rental Scheme
BleepingComputer • Catalin Cimpanu • 03 Feb 2018

The operators of a gaming server rental business are believed to have built an IoT DDoS botnet, which they are now offering as part of the server rental scheme.
The prime and pretty obvious clue that ties this new IoT botnet — named JenX— with the gaming server rental service is the IoT's command-and-control server, located at skids.sancalvicie.com.
The botnet's C&C server is found on the same server and domain used by the gaming server rental business —San Calvicie (sancal...

JenX Botnet Has Grand Theft Auto Hook
Threatpost • Christopher Kanaracus • 02 Feb 2018

Researchers at Radware have discovered a new botnet that uses vulnerabilities linked with the Satori botnet and is leveraging the Grand Theft Auto videogame community to infect IoT devices.
Satori is a derivative of Mirai, the notorious botnet that in 2016 infamously managed to take down Dyn, a DNS hosting provider that supports some of the world’s largest websites.
The vulnerabilities in question are CVE-2014-8361 and CVE-2017-17215, which affect certain Huawei and Realtek routers...

Satori Author Linked to New Mirai Variant Masuta
Threatpost • Tom Spring • 23 Jan 2018

Researchers at NewSky Security say the hacker behind a Mirai malware variant called Satori, also known as Mirai Okiru, is the same hacker behind two new Mirai variants called Masuta and PureMasuta.
Based on source code for Masuta malware recently found on the dark web, researchers at NewSky Security said they were able to connect the dots between Satori and Masuta. The hacker is identified as Nexus Zeta.
Last month researchers first identified Nexus Zeta as the principle behind a ser...

Satori Botnet Is Now Attacking Ethereum Mining Rigs
BleepingComputer • Catalin Cimpanu • 17 Jan 2018

A new variant of the Satori botnet has sprung back to life, and this one is hacking into Claymore mining rigs and replacing the device owner's mining credentials with the attacker's own.
The attacks started on January 8, a Qihoo 360 Netlab security researcher has told Bleeping Computer. Analysis of the malware's code suggests the same person behind the original Satori bot is behind this new wave as well.
The Satori botnet appeared in early December 2017 and was a heavily modified ver...

Code Used in Zero Day Huawei Router Attack Made Public
Threatpost • Tom Spring • 28 Dec 2017

Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or IOTrooper.
Ankit Anubhav, researcher at NewSky Security first identified the code on Monday that was posted publicly on Pastebin.com. The code is the zero-day vulnerability CVE- 2017-17215 used by a hac...

Huawei Router Vulnerability Used to Spread Mirai Variant
Threatpost • Tom Spring • 22 Dec 2017

Researchers have identified a vulnerability in a Huawei home router model that is being exploited by an adversary to spread a variant of the Mirai malware called Mirai Okiru, also known as Satori.
Researchers at Check Point published a report Thursday, and said the flaw is in Huawei’s router model HG532. It said it is tracking hundreds of thousands of attempts to exploit the vulnerability in the wild.
Okiku/Satori was first identified by Check Point researchers on November 23. Lead...

Amateur Hacker Behind Satori Botnet
BleepingComputer • Catalin Cimpanu • 22 Dec 2017

A so-called "script kiddie" is behind the recently discovered Satori botnet that has scared security researchers because of its rapid rise to a size of hundreds of thousands of compromised devices.
Researchers say that a hacker named Nexus Zeta created Satori, which is a variant of the Mirai IoT malware that was released online in October 2016.
Satori, which is also tracked under the name of Mirai Okiru, came to life around November 23, when the malware started spreading on the Inter...