CVE-2021-27143
Description
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FiberHome HG6245D devices contain hardcoded credentials (user/user1234) in the web daemon, allowing ISP-level access.
Vulnerability
FiberHome HG6245D GPON FTTH routers, including firmware versions up to RP2613, have hardcoded credentials (user / user1234) for an ISP account in the web daemon (HTTP/HTTPS). This issue was discovered by security researcher Pierre Kim and is detailed in advisory [1]. The vulnerable device runs software version RP2602 or RP2613; other FiberHome models may also be affected due to a shared codebase [1].
Exploitation
An attacker on the same LAN can reach the web interface (default HTTP/HTTPS) and authenticate using the hardcoded credentials. No additional privileges or user interaction are required. Once logged in, the attacker can enable a telnet daemon (CLI) via the web interface and use the same or similar hardcoded credentials to obtain a root shell [1]. The attack is trivial for LAN-based attackers; over IPv6, internal services may be reachable from the Internet due to lack of firewall rules [1].
Impact
Successful exploitation gives the attacker full control of the device with root privileges, leading to complete compromise of confidentiality, integrity, and availability. The attacker can monitor traffic, modify device settings, or use the router as a pivot point [1].
Mitigation
As of the publication date (2021-02-10), the latest firmware version RP2613 remains vulnerable, and no official patch or workaround has been provided by FiberHome. Users should restrict LAN access to the device, disable remote management, and monitor for future firmware updates. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FiberHome/HG6245D
Patches
No patches discovered yet.
References
- [1] pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html (mitre, x_refsource_MISC)