The problem is due to the use of "1990s-style code" in the firmware of some Huawei VRP routers, he said. (The models are the Huawei AR18 and AR 29 series). With a known exploit, an attacker could get access to the systems, log in as administrator, change the adminand reconfigure the systems, which would allow for interception of all the traffic running through .
Both Lindner and Kopf have criticized Huawei for not having a security contact, as well as for its lack of security advisories for its. Additionally, the researchers say don't talk about bugs that may have been fixed.
A U.S.-based Huawei representative provided CNET with the following statement:
We are aware of the media reports on security vulnerabilities in some small Huawei routers and are verifying these claims. Huawei adopts rigorous security strategies and policies to protectof our customers and abides by industry standards and best practices in and incident management. Huawei has established a robust response system to address product security gaps and vulnerabilities, working with our customers to immediately develop contingency plans for all identified , and to resolve any incidents in the shortest possible time. In the interests of customer security, Huawei also calls on the industry to promptly report all product security risks to the solutions provider so that the vendor's CERT team can work with the relevant parties to develop a solution and roll-out .