Security researchers disclosed critical vulnerabilities in routers from Chinese networking and telecommunications equipment manufacturer Huawei at the Defcon hackers conference on Sunday.
The vulnerabilities -- a session hijack, a heap overflow and a stack overflow -- were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.
Huawei is one of the fastest-growing providers of networking and telecommunication equipment in the world. Huawei equipment powers half of the world's Internet infrastructure, Lindner said.
The researcher, who also analyzed the security of Cisco networking equipment in the past, described the security of the Huawei devices he analyzed as "the worst ever" and said that they're bound to contain more vulnerabilities.
During the Defcon talk, which Lindner gave together with Recurity Labs security consultant Gregor Kopf, the researchers pointed out that there are over 10,000 calls in the firmware's code to sprintf, a function that's known to be insecure.