Configuration wise, there is just a Vodafone branded web GUI, that once unlocked allows for configuration of the PPP parameters and that's about it.
Wondering whether there was perhaps a telnet or SSH daemon listening on the thing I ran nmap against it.
While that revealed no alternative configuration access ports, it did reveal something else. Along with the expected port 80, this showed up in the nmap results:
1 23 45 67 89 1011 1213 1415 1617
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)============== SF-Port50000-TCP:V=5.21%I=7%D=4/16%Time=534EA090%P=x86_64-unknown-linux-gnu%r(GetRequest,BD,"HTTP/1\.0\x20404\x20Not\x20Found\r\nSERVER:\x20PACKAGE_VSF:ERSION\x20HUAWEI,\x20UPnP,\x20HUAWEI\x20SDK\x20for\x20UPnP\x20devices/\ SF:x20\x20\r\nCONTENT-LENGTH:\x2048\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<SF:html><body><h1>404\x20Not\x20Found</h1></body></html>")%r(HTTPOptions,C SF:9,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nSERVER:\x20PACKAGE_VERSIONSF:\x20HUAWEI,\x20UPnP,\x20HUAWEI\x20SDK\x20for\x20UPnP\x20devices/\x20\x2 SF:0\r\nCONTENT-LENGTH:\x2054\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<html><SF:body><h1>501\x20Not\x20Implemented</h1></body></html>")%r(RPCCheck,C1," SF:HTTP/0\.0\x20400\x20Bad\x20Request\r\nSERVER:\x20PACKAGE_VERSION\x20HUASF:WEI,\x20UPnP,\x20HUAWEI\x20SDK\x20for\x20UPnP\x20devices/\x20\x20\r\nCO SF:NTENT-LENGTH:\x2050\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<html><body><hSF:1>400\x20Bad\x20Request</h1></body></html>")%r(FourOhFourRequest,BD,"HT SF:TP/1\.0\x20404\x20Not\x20Found\r\nSERVER:\x20PACKAGE_VERSION\x20HUAWEI,SF:\x20UPnP,\x20HUAWEI\x20SDK\x20for\x20UPnP\x20devices/\x20\x20\r\nCONTEN SF:T-LENGTH:\x2048\r\nCONTENT-TYPE:\x20text/html\r\n\r\n<html><body><h1>40SF:4\x20Not\x20Found</h1></body></html>")
For those unfamiliar with nmap that doubtless looks like a load of garbage. But that's nmap hitting the port with an http request.
Deciphered it indicates that TCP port 50000 on the device is listening and reports itself as "Huawei SDK for UPnP devices".
While it is no great surprise that a NAT'ing device like this offers UPnP device support, that functionality is not mentioned in any of Vodafone's literature nor is it possible to configure or disable it (as many more savvy people do).
Not so much a security problem, more one of those "I didn't realise it even did that" things.
In an attempt to nobble the functionality I have configured the firewall on the server it is plugged into to drop all traffic on UDP 1900 and TCP 2869 as well as anything broadcast to IP: 126.96.36.199 - this I think should kill the UPnP control and discovery mechanisms should I ever enable a UPnP aware app or device on the LAN. Any thoughts or comments on this approach most welcome
Anyways, this was just meant as a heads up for those who may care about such things