Huawei E303 contains a cross-site request forgery vulnerability

A warning has been released by the Homeland Security computer emergency response team. The built-in web interface of the Huawei E303 devices are vulnerable to a CSRF attack.

The broadband wireless modems Huawei E303 contain a web interface for administrators and additional services.

The web interface which is made for the E303 allows users to send and receive SMS messages using the provided and connected cellular network.

The vulnerability notes database explains the following about the Cross-Site Request Forgery attack on Huawei E303 devices:

The /api/sms/send-sms URL is vulnerable to cross-site request forgery attacks. The vulnerability can be exploited when a user with adjacent network access to the device visits a malicious webpage. The malicious webpage can silently make requests to the device’s SMS API (e.g. http://192.168.1.1/api/sms/send-sms) by leveraging the victim’s network access to the device.

The Huawei E303 vulnerability

The malicious site uses the vulnerability to send SMS messages on behalf of the device owner. This attack is used by cybercriminals to create a revenue by sending text messages to malicious and paid providers.

Proof of Concept attack on Huawei E303 vulnerability

Proof of concept
Proof of concept