CVE-2021-27157

Vulnerability

The FiberHome HG6245D router's web daemon contains hardcoded credentials (admin / 888888) intended for ISP use. This issue affects all firmware versions through RP2613 [1]. The credentials are embedded in the HTTP server and can be used to authenticate to the web interface without any prior access.

Exploitation

An attacker with network connectivity to the device's web interface (HTTP/HTTPS on port 80/443) can simply log in using the hardcoded admin and 888888 credentials. The web interface is reachable from the LAN by default, and due to lack of IPv6 firewall, it may also be accessible from the WAN over IPv6 [1]. Once authenticated, the attacker can enable a proprietary CLI telnet daemon and subsequently use additional backdoor credentials to obtain a root shell on the Linux telnet service [1].

Impact

Successful exploitation grants the attacker full administrative control over the router. This includes the ability to read and modify device configuration, intercept or redirect network traffic, and execute arbitrary commands as root, leading to complete compromise of the device and potentially the connected network [1].

Mitigation

As of the publication date (February 2021), no firmware update has been released to address this vulnerability; the latest version RP2613 remains affected [1]. Users should restrict network access to the web interface by disabling remote management and using firewall rules to limit access to trusted IPs. Monitor vendor channels for a future patch. No official workaround is available [1].