CVE-2021-27150

Vulnerability

The web daemon on FiberHome HG6245D devices (firmware versions through RP2613) contains hardcoded credentials gestiontelebucaramanga / t3l3buc4r4m4ng42013 intended for an ISP. These credentials are embedded in the binary and can be used to authenticate to the web interface. [1]

Exploitation

An attacker with network access to the device's web interface (typically LAN, but also reachable over IPv6 from WAN due to lack of firewall) can use these hardcoded credentials to log in. The blog post describes that after authentication, the attacker can enable a telnet daemon and then use additional backdoor credentials to obtain a root shell. [1]

Impact

Successful exploitation allows an attacker to gain administrative access to the router, potentially leading to full device compromise, including the ability to modify configuration, intercept traffic, and pivot to internal networks. [1]

Mitigation

The vendor has not released a fix as of the publication date (February 2021). Users should restrict network access to the web interface, disable remote management, and monitor for unauthorized access. The device may be end-of-life; consider replacing with a supported model. [1]