Bloomberg edition, last year
The problem was identified by Vodafone back in 2011 and fixed by Huawei after being notified of the vulnerability. The essence of the backdoor is the ability to gain access to the device through the built-in telnet server. Details of the login organization are not provided; it is not clear whether access was activated through a predefined engineering password or the telnet server was launched when a certain event occurred (for example, when a certain sequence of network packets was sent). It should be noted that similar “backdoors” that allow connecting via telnet have also been detected in equipment in recent years
After fixing the problem, Vodafone engineers noticed that the ability to remotely log in was not completely removed and the telnet server could still be started (it is not clear what is meant by refusing to completely remove the telnet server from the firmware or leaving the ability to start it under certain conditions) . Huawei commented on the availability of the ability to log in via telnet with production requirements - this service is used for testing and initial configuration of devices. At the same time, Huawei has implemented the ability to disable the service after completing this stage, but the telnet service code itself was not removed from the firmware.
Source: opennet.ru