CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Network Security

Quanta Routers Plagued by Many Unpatched Flaws

A researcher has identified numerous serious vulnerabilities in routers built by Quanta Computer, a Taiwan-based hardware company that is said to be the largest original design manufacturer (ODM) of notebook computers in the world.

A researcher has identified numerous serious vulnerabilities in routers built by Quanta Computer, a Taiwan-based hardware company that is said to be the largest original design manufacturer (ODM) of notebook computers in the world.

Researcher Pierre Kim published an advisory this week describing more than 20 vulnerabilities he identified in LTE QDH routers made by Quanta. The expert noted that the actual number of flaws is higher and the advisory details only the most significant issues.

The vulnerabilities found by Kim have been identified in the latest available firmware version, namely 01.00.05_1210, which also seems to be found in several other devices, including QDH, UNE, Mobily and YooMee 4G routers, which are used in several countries around the world.

The researcher discovered a hardcoded SSH server key that can be used to decrypt SSH traffic going to the router. He also identified a couple of default root and admin accounts that can be used to bypass HTTP authentication and gain access to the router via telnetd and SSHd services that are running by default. Backdoors have also been found in the Samba local storage sharing feature, and in the /bin/appmgr program.

The /bin/appmgr program also includes a hardcoded PIN for the Wi-Fi Protected Setup (WPS) system. Furthermore, the router allows users to generate a temporary WPS PIN that can be easily brute-forced by an attacker. The default Wi-Fi password is also weak and can be quickly brute-forced, Kim said.

According to the expert, an attacker can obtain sensitive information, including credentials and configuration data, even without authentication by exploiting a vulnerability in the device’s web interface.

In addition, Kim reported identifying remote code execution, arbitrary file access, and denial-of-service (DoS) vulnerabilities in Quanta’s LTE QDH routers.

Quanta said its LTE QDH routers have reached end of life (EOL) and will not get a firmware update to patch the vulnerabilities found by Kim. The company said it will take the researcher’s findings into consideration for future product development.

Advertisement. Scroll to continue reading.

The researcher is displeased with the fact that the manufacturer has not at least provided security workarounds considering that it has not encouraged customers to discard the outdated product.

“Given the vulnerabilities found, even if the vendor changes its mind and decides to patch the router, I don’t think it is even possible as it needs major rewrites in several main components (the ASM code shows very bad security practices in several binaries),” Kim explained.

“From my tests, it is possible to overwrite the firmware with a custom (backdoored) firmware. Generating a valid backdoored firmware is left as an exercise for the reader, but with all these included vulnerabilities in the default firmware, I don’t think it is worth making the effort,” he added.

This is not the first time Kim has found router vulnerabilities. Last year, the researcher reported discovering a remote code execution flaw in 127 ipTIME router models.

Related Reading: Wireless Routers Plagued by Unpatched Flaws

Related Reading: Asus Settles FTC Charges Over Router Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...