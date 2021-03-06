Trustwave SpiderLabs Security Advisory TWSL2021-008: Code Execution Vulnerability in Huawei Mobile Broadband HL Service

June 2021 by Trustwave

Published: 06/03/2021

Version: 1.0

Vendor: Huawei (http://www.huawei.com)

Product: Mobile Broadband HL Service (HiLink)

Versions affected: 22.001.33.03.03 on MacOS

Product description:

Software to manage Huawei terminal devices.

Finding 1: Huawei Mobile Broadband HL Service code execution vulnerability

Credit: Martin Rakhmanov of Trustwave

Unprivileged users can run code as other users (including privileged ones) on a MacOS systems where HiLink software is installed. This is possible due to weak filesystem permissions on the following file:

/Library/StartupItems/MobileBrServ/mbbserviceopen.app/Contents/MacOS/mbbserviceopen

This file is world writable and is used to launch a web browser each time a Huawei USB modem is connected to the computer. Malicious users can modify the file to execute arbitrary code and wait until other user logs on and connects a USB modem.

Remediation Steps:

Please contact Huawei for more information regarding any patches for the vulnerability.

Revision History: 10/07/2020 - Initial email communication to multiple security and support email addresses.

12/15/2020 - Non-responsive to initial email communications. Contacted Huawei U.S. support via phone. Support provided the contact information: tac.usa@huawei.com

12/16/2020 – Trustwave attempted to connect to provided email addresses multiple times. No response.

06/01/2021 - Advisory published