VYPR
Unrated severity · NVD Advisory · Published Feb 10, 2021 · Updated Aug 3, 2024

CVE-2021-27149

Description

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FiberHome HG6245D routers contain hardcoded ISP credentials (adminpldt/z6dUABtl270qRxt7a2uGTiw) in the web daemon, allowing root access.

Vulnerability

The FiberHome HG6245D GPON FTTH router, through firmware version RP2613, contains hardcoded credentials adminpldt / z6dUABtl270qRxt7a2uGTiw in the web daemon (HTTP/HTTPS) intended for ISP access [1]. These credentials are present in all tested firmware versions, including RP2602 and RP2613, and likely affect other FiberHome models with similar codebases such as AN5506-04-FA [1].

Exploitation

An attacker with network access to the router's web interface (LAN via IPv4/IPv6, or WAN if IPv6 connectivity is enabled) can authenticate using the hardcoded credentials [1]. Once authenticated, they can enable a proprietary CLI telnetd and subsequently the Linux telnetd, ultimately obtaining a root shell on the device [1]. No user interaction beyond network access is required.

Impact

Successful exploitation allows the attacker to gain full root access to the router, leading to complete compromise of the device [1]. This enables arbitrary command execution, configuration changes, and potential use of the device as a pivot point within the network.

Mitigation

As of the latest firmware version RP2613, the hardcoded credentials remain present and no official fix has been released [1]. Users are advised to restrict network access to the web interface, particularly from untrusted networks such as the Internet, and monitor for any vendor-supplied updates. There is no indication that this CVE has been added to the CISA Known Exploited Vulnerabilities catalog at the time of publication.
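Since no fixed firmware is known, a defender can check each new image for the account before deploying it. The following is an added example, not code from the advisory or the vendor: it scans an already unpacked firmware root filesystem for the two strings quoted in the description. It assumes the strings are stored in plaintext, and the function names and directory layout are illustrative.

```python
import os
import sys
from pathlib import Path

# Strings quoted in the CVE description above.
USERNAME = b"adminpldt"
PASSWORD = b"z6dUABtl270qRxt7a2uGTiw"
CHUNK = 1 << 20  # read large binaries 1 MiB at a time

def find_offsets(path, needle, chunk=CHUNK):
    """Return every byte offset of needle in the file, reading in chunks."""
    offsets, pos, tail = [], 0, b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            data = tail + block
            base = pos - len(tail)  # file offset of data[0]
            start = 0
            while (i := data.find(needle, start)) != -1:
                offsets.append(base + i)
                start = i + 1
            # Keep len(needle)-1 bytes so a match split across reads is found
            # once, and a match already reported cannot be reported again.
            tail = data[-(len(needle) - 1):]
            pos += len(block)
    return offsets

def scan_rootfs(root):
    """Map each regular file under root to the hardcoded strings it holds."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue  # unpacked firmware trees often have dangling links
            hits = {}
            for label, needle in (("username", USERNAME), ("password", PASSWORD)):
                if offs := find_offsets(path, needle):
                    hits[label] = offs
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings

def still_affected(findings):
    """True if any single file carries both the account name and password."""
    return any({"username", "password"} <= set(h) for h in findings.values())

if __name__ == "__main__" and len(sys.argv) == 2:
    result = scan_rootfs(sys.argv[1])
    for rel, hits in sorted(result.items()):
        print(rel, hits)
    sys.exit(1 if still_affected(result) else 0)
```

A hit confirms the credentials are still embedded in that build. A clean result only shows that the plaintext strings are absent, not that the account has been removed.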

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
