CVE-2021-27171

Vulnerability

The vulnerability exists in FiberHome HG6245D devices through firmware version RP2613. Using the CLI interface commands ddd and shell (or tshell) allows starting a Linux telnetd as root on port 26/tcp [1]. Affected software versions include RP2602 and RP2613.

Exploitation

An attacker requires CLI access to the device. According to the advisory [1], this can be achieved by first enabling the proprietary CLI telnetd via backdoor credentials on the web interface. Once the CLI is accessible, the attacker can execute ddd followed by shell or tshell to start a Linux telnetd on port 26/tcp with root privileges.

Impact

Successful exploitation grants the attacker a root shell on the device, leading to full compromise of the router. This could allow data exfiltration, further network attacks, or persistent access.

Mitigation

As of the publication date (2021-02-10), no official fix has been released for FiberHome HG6245D devices. The latest firmware version RP2613 remains vulnerable [1]. Users should monitor for firmware updates and consider disabling remote access to the CLI or restricting network access to the device.