CVE-2021-27164

Vulnerability

The FiberHome HG6245D router's web daemon contains hardcoded credentials (admin / aisadmin) intended for an ISP. This issue affects firmware versions through RP2613, including RP2602 and RP2613 [1]. The credentials are embedded in the HTTP server and can be used to authenticate to the web interface.

Exploitation

An attacker with network access to the device's web interface (HTTP/HTTPS) can exploit this vulnerability. By default, the web server listens on the LAN, but IPv6 connectivity may expose it to the WAN due to lack of firewall rules [1]. The attacker simply logs in using the hardcoded credentials, gaining ISP-level access. From there, they can enable a proprietary CLI telnetd and subsequently the Linux telnetd, ultimately obtaining a root shell [1].

Impact

Successful exploitation grants the attacker full administrative control over the router. This compromises confidentiality, integrity, and availability of the device and the network it serves. The attacker can execute arbitrary commands as root, modify configuration, intercept traffic, and pivot to other devices [1].

Mitigation

As of the latest firmware version RP2613, no official patch has been released [1]. Mitigations include restricting network access to the web interface (e.g., via firewall rules), disabling IPv6 if not required, and monitoring for unauthorized access. The device is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of this writing.