CVE-2021-27168

Vulnerability

FiberHome HG6245D GPON FTTH routers, including firmware versions up to RP2613, contain a hardcoded password (6GFJdY4aAuUKJjdtSn7d) for the rdsadmin account, as documented in the vendor advisory and researcher blog [1]. This account can be used to enable a Linux telnet daemon via the web interface, providing an authentication bypass for the device's management functions.

Exploitation

An attacker with network access to the router's LAN (or WAN via IPv6, as IPv6 firewall is lacking) can reach the web server on HTTP/HTTPS and use the hardcoded credentials to authenticate as rdsadmin. From there, they can enable the telnet daemon and log in to the device over telnet with the same credentials, achieving a root shell without any further authentication or user interaction [1].

Impact

Successful exploitation allows an unauthenticated attacker to gain complete root-level control over the device, leading to full confidentiality, integrity, and availability compromise. This includes the ability to read sensitive data, modify device configuration, install malware, or disrupt service [1].

Mitigation

As of the publication date, no official patch has been released by FiberHome for the HG6245D. The researcher confirms that even the latest firmware RP2613 remains vulnerable [1]. A workaround is to disable remote management features and restrict network access to the device's web interface, but the availability of a permanent fix is unknown. This vulnerability is not known to be listed in the CISA KEV catalog.