*Jian Xian Li, *Hao Hsiang Lin, Guan Yu Lai
Telecom Technology Center
(TTC is an experienced professional cybersecurity team. It helps companies improve their security posture and increase their confidence in implementing and assessing the right security controls and vulnerabilities of network-connectable consumer/medical/industrial products.)
An issue was discovered on the 4GEE ROUTER HH70VB, version HH70_E1_02.00_22. Attackers can use the slowhttptest tool to send incomplete HTTP requests, which makes the server keep waiting for the rest of each request before it finishes the connection, until its resources are exhausted. The web server is then in a denial-of-service state.
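As an added illustration (not part of the original advisory and not the router's firmware), the Python code below contrasts a per-line idle timeout, which an incomplete request that keeps trickling header lines resets each time, with a single deadline for the whole request head. The function names, the timeout values and the in-memory sample requests are assumptions constructed for this example.

```python
import asyncio
import time

async def head_with_idle_timeout(reader, idle):
    """Weak pattern: the timer restarts on every line, so a trickle keeps the slot busy."""
    lines = []
    try:
        while True:
            line = await asyncio.wait_for(reader.readline(), idle)
            if line in (b"\r\n", b""):          # blank line ends the head; b"" is EOF
                return b"".join(lines) if line else None
            lines.append(line)
    except asyncio.TimeoutError:
        return None

async def head_with_deadline(reader, deadline):
    """Hardened pattern: one deadline covers the complete request head."""
    try:
        return await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), deadline)
    except (asyncio.TimeoutError, asyncio.IncompleteReadError, asyncio.LimitOverrunError):
        return None

async def _trickle(reader, lines, gap):
    # Feeds the constructed lines into the in-memory reader, one every `gap` seconds.
    for line in lines:
        reader.feed_data(line)
        await asyncio.sleep(gap)

async def hold_time(read_head, limit, lines, gap):
    """Return (result, seconds the connection slot stayed occupied)."""
    reader = asyncio.StreamReader(limit=8192)   # also caps the size of the head
    feeder = asyncio.create_task(_trickle(reader, lines, gap))
    start = time.monotonic()
    result = await read_head(reader, limit)
    held = time.monotonic() - start
    feeder.cancel()
    return result, held

# Constructed input: SLOW never sends the blank line that terminates the head.
SLOW = [b"GET / HTTP/1.1\r\n"] + [b"X-a: b\r\n"] * 6
COMPLETE = [b"GET / HTTP/1.1\r\nHost: router\r\n\r\n"]

def run(read_head, limit, lines, gap=0.1):
    return asyncio.run(hold_time(read_head, limit, lines, gap))

if __name__ == "__main__":
    for fn in (head_with_idle_timeout, head_with_deadline):
        print(fn.__name__, "slow:", run(fn, 0.3, SLOW), "complete:", run(fn, 0.3, COMPLETE))
```

With the same 0.3 second limit, the idle-timeout reader holds the slot for as long as lines keep arriving, while the deadline reader releases it after 0.3 seconds regardless of how the bytes are paced.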
Remote
4GEE ROUTER HH70VB
HH70_E1_02.00_22
Normally, the 4GEE ROUTER HH70VB's web login page looks like this, as shown below:
When the slowhttptest tool is used against the 4GEE ROUTER HH70VB's web server, the server is kept waiting for a response until its resources are exhausted, which achieves a Slow HTTP DoS attack. If the attack successfully takes the web server out of service, the "service available" option shows the text NO in red, as shown below:
The web server cannot be accessed once the attack succeeds, as shown below:
https://github.com/shekyan/slowhttptest
https://www.sing4g.com/product-page/4gee-router-hh70vb-4g-300mbps-2lan-32wifi