CVE-2021-27141
Description
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FiberHome HG6245D stores obfuscated credentials using a hardcoded XOR key, enabling extraction of sensitive data.
Vulnerability
FiberHome HG6245D devices through firmware version RP2613 store credentials in /fhconf/umconfig.txt, obfuscated via XOR with the hardcoded key *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g. The webs binary contains the details of how the XOR obfuscation is applied. Affected versions include all firmware up to and including RP2613, and potentially other FiberHome devices such as the AN5506-04-FA (firmware RP2631) [1].
Exploitation
An attacker with network access to the device (LAN or WAN IPv6) can retrieve the obfuscated credentials file /fhconf/umconfig.txt via the web interface or other exposed services. By applying the known hardcoded XOR key, the attacker can trivially decode the obfuscated credentials without authentication [1].
Impact
Successful exploitation leads to disclosure of stored credentials, which may grant administrative access to the device. This can be a stepping stone for further compromise, such as enabling telnet access or achieving remote code execution as root [1].
Mitigation
As of the publication date (2021-02-10), no official fix or firmware update has been released to address this vulnerability. The issue affects the latest firmware version RP2613, and there is no known workaround. Users should consider isolating the device from untrusted networks and monitoring for vendor updates. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- FiberHome/HG6245D (description)
Patches
No patches discovered yet.
References
[1] pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html (mitre, x_refsource_MISC)