The vulnerabilities -- a session hijack, a heap overflow and a stack overflow -- were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.

Huawei is one of the fastest growing providers of networking and telecommunication equipment in the world. Huawei equipment powers half of the world's Internet infrastructure, Lindner said.

The researcher, who also analyzed the security of Cisco networking equipment in the past, described the security of the Huawei devices he analyzed as "the worst ever" and said that they're bound to contain more vulnerabilities.

During the Defcon talk, which Lindner gave together with Recurity Labs security consultant Gregor Kopf, the researchers pointed out that there are over 10,000 calls in the firmware's code to sprintf, a function that's known to be insecure.

"This stuff is distrusting," said security researcher Dan Kaminsky, who is best known for discovering a major vulnerability in the world's DNS (Domain Name System) infrastructure in 2008 and who worked for Cisco in the past. "If I were to teach someone from scratch how to write binary exploits, these routers would be what I'd demonstrate on."