EE 4GEE HH70 Router Vulnerability Disclosure

After finding vulnerabilities in the 4GEE Mobile WiFi Router last year, I thought I would give my brand new EE home broadband router a run for it’s money and it seems like last time, it’s vulnerable to another attack vector, this time being hard-coded credentials for SSH root access, which luckily is only available via the LAN.

This would enable any user on the LAN to gain access to the router using these hard-coded credentials.

Update: 26/10/2018 – EE have released patch that fixes the issue. Users are recommended to follow the EE router upgrade process via the web UI.

Hardware Version/Model: 4GEE Router HH70VB-2BE8GB3 (HH70VB)
Vulnerable Software Version: HH70_E1_02.00_19
Patched Software Version: HH70_E1_02.00_21
Vulnerability CVE(s): CVE-2018-10532
Product URL: https://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/4gee-router/details

(more…)