Routers from Taiwan-based electronic hardware manufacturer Quanta Computer are plagued with serious vulnerabilities, according to researcher Pierre Kim in his blog, A Slice of Kimchi.
Calling the technology “badly designed,” Kim said he found over 20 significant flaws in the firmware for Quanta's LTE QDH Router device, as well as its QDH, UNE, MOBILY and Yoomee 4G routers.
“At best, the vulnerabilities are due to incompetence; at worst it is a deliberate act of security sabotage from the vendor,” Kim wrote.
Vulnerabilities identified by Kim include the presence of backdoor accounts that can bypass HTTP authentication, a webinterface information leak that allows attackers to access sensitive data without authentication, and remote code execution (RCE) flaws in the ping API and traceroute API.