VYPR
Unrated severity · NVD Advisory · Published Feb 10, 2021 · Updated Aug 3, 2024

CVE-2021-27156

Description

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

FiberHome HG6245D web daemon uses MAC-derived hardcoded credentials, enabling unauthorized access.

Vulnerability

The web daemon on FiberHome HG6245D devices through firmware RP2613 contains hardcoded credentials for an ISP that equal the last part of the MAC address of the br0 interface. This allows attackers to derive valid credentials from the device's MAC address [1].

Exploitation

An attacker on the local network can obtain the MAC address of the br0 interface (e.g., via ARP or by sniffing) and compute the credentials by taking the last part of the MAC. These credentials can then be used to authenticate to the web interface or enable a CLI telnetd with root privileges [1]. No authentication is required beforehand; the attacker only needs network access to the device.

Impact

Successful exploitation grants the attacker authenticated access to the device, potentially leading to full root compromise via the CLI telnetd. This can result in complete loss of confidentiality, integrity, and availability of the device, including unauthorized configuration changes and data exfiltration [1].

Mitigation

As of February 2021, no firmware update addressing this issue has been released. The latest firmware RP2613 remains vulnerable. Users should restrict network access to trusted hosts, disable remote management features, and monitor for vendor updates. No workaround is available [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
