Huawei HG630 V2 Router Authentication Bypass Vulnerability
Vulnerability
An authentication bypass vulnerability has been identified in the Huawei HG630 V2 router. This vulnerability allows unauthenticated attackers to gain administrative access by exploiting the device's serial number. Attackers can access the '/api/system/deviceinfo' endpoint without authentication to retrieve the serial number, which is then used to log into the router using a default password derived from the last eight characters of the serial number.
Impact
Exploitation of this vulnerability allows for unauthorized administrative access to the router.
Reproduction
To reproduce this vulnerability, send a GET request to the '/api/system/deviceinfo' endpoint. This request can be made without authentication. The response will include the device's serial number. Once the serial number is obtained, use the last eight characters as the password to log into the router.
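Detection logic for the sequence described above, added here as an example and not part of the original advisory: it flags a source that reads '/api/system/deviceinfo' without a session and then attempts a login within five minutes. The log line format, the LOGIN_PATH value and the sample lines are constructed assumptions; adapt them to whatever proxy or sensor sits in front of the router's web interface.

```python
from datetime import datetime, timedelta

DEVICEINFO_PATH = "/api/system/deviceinfo"  # endpoint named in the advisory
LOGIN_PATH = "/login"  # hypothetical placeholder: set to your firmware's login URL
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample lines: timestamp src_ip method path status session_cookie
SAMPLE_LOG = """\
2024-01-10T09:00:01 192.0.2.10 GET /api/system/deviceinfo 200 no
2024-01-10T09:00:04 192.0.2.10 POST /login 200 no
2024-01-10T09:05:00 198.51.100.7 GET /api/system/deviceinfo 200 yes
2024-01-10T10:00:00 203.0.113.5 GET /api/system/deviceinfo 200 no
2024-01-10T10:30:00 203.0.113.5 POST /login 200 no
2024-01-10T11:00:00 203.0.113.9 GET /api/system/deviceinfo 401 no
2024-01-10T11:00:03 203.0.113.9 POST /login 200 no
"""

def parse(line):
    """Split one constructed-format log line into typed fields."""
    ts, src, method, path, status, cookie = line.split()
    return (datetime.fromisoformat(ts), src, method,
            path.split("?")[0], int(status), cookie == "yes")

def detect(log_text, window=WINDOW):
    """Return (src, read_time, login_time) for each unauthenticated
    deviceinfo read followed by a login attempt from the same source."""
    pending = {}  # src_ip -> time of last successful unauthenticated read
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, method, path, status, has_session = parse(line)
        if (method == "GET" and path == DEVICEINFO_PATH
                and status == 200 and not has_session):
            pending[src] = ts  # serial number was served without a session
        elif method == "POST" and path == LOGIN_PATH and src in pending:
            read_ts = pending.pop(src)
            if ts - read_ts <= window:
                alerts.append((src, read_ts.isoformat(), ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for src, read_ts, login_ts in detect(SAMPLE_LOG):
        print(f"ALERT {src}: deviceinfo read {read_ts}, login attempt {login_ts}")
```

A 401 on the deviceinfo request, as in the last sample source, means the serial number was not served, so no alert is raised for it.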
