Security News > 2021 > June > Huawei USB LTE dongles are vulnerable to privilege escalation attacks

Huawei USB LTE dongles are vulnerable to privilege escalation attacks
2021-06-02 14:33

This week, a Trustwave security researcher disclosed a privilege escalation flaw in Huawei's USB LTE dongles.

Huawei LTE driver autoruns with maximum permissions.

Martin Rakhmanov, Security Research Manager at Trustwave has disclosed his findings on a privilege escalation flaw in Huawei's USB LTE dongle model E3372.

Privilege escalation attacks rely on a user with limited access to a system being able to obtain a higher level of access, in an illicit manner-such as through a vulnerability exploit, or improper permissions on shared files.

Because this particular vulnerability relies on tampering with the Huawei driver software installed on a computer, local or physical access to the computer is required, making this a case of local privilege escalation.

Huawei has advised users of its USB LTE dongle to obtain the "Hi Link" driver files from their website to resolve this vulnerability.


News URL

https://www.bleepingcomputer.com/news/security/huawei-usb-lte-dongles-are-vulnerable-to-privilege-escalation-attacks/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Huawei 1601 241 903 512 187 1843