Quanta LTE routers vulnerable

Pierre Kim has a new detailed blog post on Quanta router firmware vulnerabilities:

Multiple vulnerabilities found in Quanta LTE routers (backdoor, backdoor accounts, RCE, weak WPS …)

Quanta Computer Incorporated is a Taiwan-based manufacturer of electronic hardware. It is the largest manufacturer of notebook computers in the world. The Quanta LTE QDH Router device is an LTE router / access point overall badly designed with a lot of vulnerabilities. It’s available in a number of countries to provide Internet with a LTE network.

The summary of the vulnerabilities is: [list of about 20 items omitted for space].

A personal point of view: at best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor. Not all the vulnerabilities found have been disclosed in this advisory. Only the significant ones are shown.

Note: This firmware is being used by other Quanta CPEs. From the /usr/www/js/ui/qdisplay.js file, the vulnerable firmware seems to be used in several routers: [list omitted].

The routers are still on sale and used in several countries. Due to lack of communication of the vendor, the specific list of affected countries is unknown. However, we assume the affected firmware is used at least in some Arabic-speaking countries as the Help files are written in English, French, Chinese and Arabic (See http://192.168.1.1/help_ar.html). Due to lack of security patches provided by the vendor, the vulnerabilities will remain unpatched.

Details […]