CVE-2021-27177

Vulnerability

The telnet server on FiberHome HG6245D devices (firmware versions up to RP2613) contains an authentication bypass vulnerability. Sending the decoded value of the base64 string GgpoZWxwCmxpc3QKd2hvCg== to the telnet server grants access without valid credentials. This affects all firmware versions through RP2613, and likely other FiberHome devices with similar codebase [1].

Exploitation

An attacker can exploit this by connecting to the telnet server (port 23) which is not enabled by default but can be enabled via the web interface using hardcoded credentials. Once telnet is accessible, the attacker sends the decoded string (which decodes to a sequence of commands including help, list, who) to bypass authentication and gain a CLI session. No prior authentication is required for the bypass itself [1].

Impact

Successful exploitation allows an unauthenticated attacker to gain a command-line interface on the device with root privileges. This can lead to full compromise of the router, including ability to modify configuration, intercept traffic, and pivot to internal networks [1].

Mitigation

As of the publication date (February 2021), no firmware patch was available. The vendor was notified but did not release a fix. The latest firmware version RP2613 remains vulnerable. Users should disable telnet access if possible, restrict network access to the device, and monitor for updates from FiberHome. The vulnerability is not listed in CISA KEV as of now [1].