CVE-2021-27173
Description
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated backdoor API in FiberHome HG6245D routers disables firewall and enables telnet, allowing remote root access.
Vulnerability
The FiberHome HG6245D router, including firmware versions RP2602 and RP2613, exposes an unauthenticated backdoor API via the HTTP server at the URI path /telnet?enable=0&key=calculated(BR0_MAC). This API does not require any authentication and is present in the latest firmware version RP2613 [1]. The vulnerability allows an attacker to manipulate firewall rules and enable the CLI telnet server, which is otherwise not reachable by default [1].
Exploitation
An attacker can exploit this vulnerability from the LAN (IPv4 or IPv6) or from the WAN over IPv6, as the device lacks a firewall for IPv6 connectivity, making internal services reachable from the Internet [1]. The attacker sends a crafted HTTP request to the vulnerable endpoint without any prior authentication. The key parameter is computed based on the device's BR0 MAC address, which can be obtained through other information disclosure issues. After the request, firewall rules are removed and the telnet server becomes accessible [1].
Impact
Successful exploitation enables an attacker to gain root shell access to the device via the telnet service, leading to full remote code execution (RCE) with root privileges [1]. The attacker can completely compromise the router, modify configurations, monitor traffic, or use the device as a pivot point for further attacks.
Mitigation
As of the advisory's publication date, and in the confirmed firmware version RP2613, no official patch has been released by FiberHome [1]. Users should restrict access to the device's web interface to trusted networks only, disable IPv6 if not required, and monitor for firmware updates from the vendor. The device may be listed as end-of-life or unsupported, in which case replacing the router is the most secure option.
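With no patch available, one practical check is to look for requests to the backdoor endpoint in HTTP logs. The following is an added example, not code from the advisory or from FiberHome: it assumes a proxy or network sensor that records traffic to the router's web interface in Common Log Format, and the LAN prefixes and sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Assumed LAN prefixes; anything outside them is treated as external (e.g. WAN IPv6).
LAN_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "fe80::/10")]

# Constructed sample lines (Common Log Format); key values are placeholders.
SAMPLE_LOG = """\
192.168.1.23 - - [12/Jan/2021:10:01:44 +0000] "GET /html/login.html HTTP/1.1" 200 5120
192.168.1.50 - - [12/Jan/2021:10:02:10 +0000] "GET /telnet?enable=0&key=PLACEHOLDER HTTP/1.1" 200 12
2001:db8::beef - - [12/Jan/2021:10:05:31 +0000] "GET /telnet?key=PLACEHOLDER&enable=1 HTTP/1.1" 200 12
192.168.1.23 - - [12/Jan/2021:10:06:02 +0000] "GET /telnet.css HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_backdoor_request(target: str) -> bool:
    """True when the request target is /telnet with both enable and key parameters."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != "/telnet":
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return "enable" in params and "key" in params

def find_hits(log_text: str) -> list:
    """Return one record per log line that matches the backdoor request shape."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, when, _method, target, status = m.groups()
        if not is_backdoor_request(target):
            continue
        try:
            ip = ipaddress.ip_address(src)
            external = not any(ip in net for net in LAN_NETS)
        except ValueError:
            external = True  # unparseable source: treat as untrusted
        hits.append({"src": src, "time": when, "status": int(status), "external": external})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Any hit is worth investigating because the endpoint has no legitimate unauthenticated use; hits flagged `external` indicate the web interface is reachable from outside the LAN.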
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- FiberHome/HG6245D
Patches
No patches discovered yet.
References
[1] pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html (mitre, x_refsource_MISC)