Security researcher Pierre Kim reported at least 28 security vulnerabilities and backdoors in the firmware of FiberHome Technologies’ FTTH ONT router.
According to Shodan data, the router is commonly used in South America and Southeast Asia. “FiberHome Technologies is a leading equipment vendor and global solution provider in the field of information technology and telecommunications,” the researcher explained.
More about the FTTH ONT router
FTTH ONT, or Fiber-to-the-Home Optical Network Terminal, is a device that converts optical signals sent through fiber optic cable into classic Ethernet or Wi-Fi connections. This type of router is typically installed in apartment buildings or in homes or offices opting for gigabit-type subscriptions.
FiberHome HG6245D and FiberHome RP2602 models contain vulnerabilities
The issues identified by Kim reside in the FiberHome HG6245D and FiberHome RP2602 models. However, in April 2019, Kim successfully tested some of the vulnerabilities against another FiberHome device, the AN5506-04-FA with firmware RP2631. “The fiberhome devices have quite a similar codebase, so it is likely all other fiberhome devices (AN5506-04-FA, AN5506-04-FAT, AN5506-04-F) are also vulnerable,” he noted in his report.
Despite the vulnerabilities, Kim also pointed out positives in the two models. The good news is that the devices don’t expose their management panel via the IPv4 external interface, which makes Internet attacks against the web panel over IPv4 impossible to carry out. Another piece of good news is that the Telnet management feature, which can be abused in botnet attacks, is disabled by default.
On the negative side, the router maker hasn’t activated the same protections for the devices’ IPv6 interface. The firewall is only active on the IPv4 interface, which could enable hackers to access the devices’ internal services if they know the IPv6 address:
“Furthermore, due to the lack of firewall for IPv6 connectivity, all the internal services will be reachable over IPv6 (from the Internet).
It is in fact trivial to achieve pre-auth RCE as root against the device, from the WAN (using IPv6) and from the LAN (IPv4 or IPv6).”
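One way to audit for this IPv4/IPv6 asymmetry, as an added example that is not from Kim’s report or FiberHome’s firmware: the Python below compares iptables-save and ip6tables-save style rule dumps and lists the service ports that are blocked from the WAN over IPv4 but accepted over IPv6. The rule dumps, the interface names wan0 and br0, and ports 23, 80 and 443 are constructed assumptions.

```python
import shlex

# Constructed sample dumps in iptables-save format (not taken from the device).
# Assumptions: WAN interface "wan0", LAN bridge "br0", services on 23/80/443.
IPV4_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -p tcp --dport 80 -j ACCEPT
COMMIT
"""
IPV6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def verdict(dump, iface, port, chain="INPUT"):
    """First-match verdict for a NEW inbound TCP connection to port on iface.
    Simplified: no negation, user-defined chains, port ranges or multiport."""
    policy = "ACCEPT"
    for line in dump.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]          # chain default policy
        if not line.startswith(f"-A {chain} "):
            continue
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        if "--ctstate" in opt and "NEW" not in opt["--ctstate"].split(","):
            continue                          # rule only covers established traffic
        if opt.get("-i", iface) != iface or opt.get("-p", "tcp") != "tcp":
            continue
        if opt.get("--dport", str(port)) != str(port):
            continue
        if opt.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt["-j"]
    return policy

def ipv6_only_exposure(v4, v6, iface, ports):
    """Ports blocked from the WAN over IPv4 but accepted over IPv6."""
    return [p for p in ports
            if verdict(v4, iface, p) != "ACCEPT" and verdict(v6, iface, p) == "ACCEPT"]

if __name__ == "__main__":
    print(ipv6_only_exposure(IPV4_RULES, IPV6_RULES, "wan0", [23, 80, 443]))
```

An empty result means the IPv6 ruleset blocks every port the IPv4 ruleset blocks on that interface; any port listed is filtered only on IPv4.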
The researcher also noted that his findings date from the beginning of 2020. This means that a new firmware image may already be available to patch some of the flaws.
Last week, we reported that Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers contained 68 vulnerabilities which remain unpatched. Instead of addressing the issues, Cisco’s customers are advised to refer to the end-of-life notices for the products.