Multiple news sites are pointing to a blog bost by Pierre Kim, on Huawei 3G router security:
A comprehensive study of Huawei 3G routers – XSS, CSRF, DoS, unauthenticated firmware update, RCE
Huawei Technologies Co. Ltd. is a Chinese multinational networking and telecommunications equipment and services company. It is the largest telecommunications equipment manufacturer in the world. The Huawei B260A device is a 3g modem / access point overall badly designed with a lot of vulnerabilities. The device is provided by Orange Tunisia as a “Flybox”. It’s available in a lot of countries to provide Internet with a 3G network (Vodafone provides this device, for example). The tests below are done using the last available firmware (firmware 846.11.15.08.115 – Feb 20 2013). Note: This firmware seems to be used for these 14 Huawei devices (from http://192.168.1.1/js/u_version.js ) which, therefore, are likely to be vulnerable to the same threats: ]…]
https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
Firmware Security 