Bloomberg edition, last year
about an unconfirmed spy chip in Supermicro boards, about identifying a backdoor in Huawei equipment. However, Vodafone, which discovered the problem, calls it a vulnerability, and Bloomberg exaggerates. Apparently, the backdoor was not a deliberate backdoor added with malicious intent and espionage purposes, but was the result of leaving an engineering access point that was forgotten to be disabled in the final version of the product due to an oversight or to simplify diagnostics by the support service.
The problem was identified by Vodafone back in 2011 and fixed by Huawei after being notified of the vulnerability. The essence of the backdoor is the ability to gain access to the device through the built-in telnet server. Details of the login organization are not provided; it is not clear whether access was activated through a predefined engineering password or the telnet server was launched when a certain event occurred (for example, when a certain sequence of network packets was sent). It should be noted that similar “backdoors” that allow connecting via telnet have also been detected in equipment in recent years , , , и .
After fixing the problem, Vodafone engineers noticed that the ability to remotely log in was not completely removed and the telnet server could still be started (it is not clear what is meant by refusing to completely remove the telnet server from the firmware or leaving the ability to start it under certain conditions) . Huawei commented on the availability of the ability to log in via telnet with production requirements - this service is used for testing and initial configuration of devices. At the same time, Huawei has implemented the ability to disable the service after completing this stage, but the telnet service code itself was not removed from the firmware.
Source: opennet.ru