CVE-2021-27158

Vulnerability

The web daemon on FiberHome HG6245D devices (through firmware RP2613) contains hardcoded credentials L1vt1m4eng / 888888 intended for an ISP. These credentials are present in the HTTP server and can be used to authenticate to the web interface. The vulnerability affects all firmware versions up to and including RP2613 [1].

Exploitation

An attacker with network access to the device's web interface (typically LAN, but also reachable over IPv6 from WAN due to lack of firewall) can use the hardcoded credentials to log in. Once authenticated, the attacker can enable a proprietary CLI telnetd and subsequently enable the Linux telnetd, ultimately gaining a root shell on the device [1].

Impact

Successful exploitation allows an attacker to gain full root access to the device. This leads to complete compromise of confidentiality, integrity, and availability, including the ability to modify device configuration, intercept traffic, and launch further attacks from the compromised device [1].

Mitigation

As of the publication date (February 10, 2021), no official patch has been released. The latest firmware version RP2613 is also vulnerable. Users should restrict network access to the device's management interface, disable remote management if possible, and monitor for firmware updates from FiberHome. The device may be at end-of-life; no fix is confirmed [1].