Friday, July 10, 2020

Chinese FTTH devices found with intentional backdoors

A team of security researchers has discovered undocumented Telnet admin accounts in 29 FTTH devices from the Chinese vendor C-Data. These CDATA OLT devices are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY.

Multiple vulnerabilities found in CDATA OLTs

Product Description

As noted, CDATA OLTs are OEM FTTH OLTs sold under different brands; they provide FTTH connectivity to a large number of clients.

As their name hints, these devices terminate a fiber-optic network, converting data from an optical line into a classic Ethernet connection that is then plugged in at a consumer's home, a data center, or a business center.
The backdoor accounts are in the firmware of 29 FTTH Optical Line Termination (OLT) devices from the popular vendor C-Data. They could allow users access to a secret Telnet admin account running on the devices’ external WAN interface, granting them full administrator CLI access.
According to the researchers, the backdoor accounts were intentionally introduced.

Full Details - Backdoor Access with telnet

A Telnet server runs on the appliance and is reachable both from the WAN interface and from the FTTH LAN interface (from the ONTs).
The backdoor credentials may differ depending on the firmware. Below is a complete list of the backdoor (undocumented) credentials, which give an attacker complete administrator CLI access.
Previous and old versions can both be abused with:
login: suma123
password: panger123
Recent versions can be abused with:
login: debug
password: debug124

login: root
password: root126

login: guest
password: [empty]

The company has not commented on this yet.

Below is the list of vulnerable C-Data FTTH OLT devices:
  • 72408A
  • 9008A
  • 9016A
  • 92408A
  • 92416A
  • 9288
  • 97016
  • 97024P
  • 97028P
  • 97042P
  • 97084P
  • 97168P
  • FD1002S
  • FD1104
  • FD1104B
  • FD1104S
  • FD1104SN
  • FD1108S
  • FD1108SN
  • FD1204S-R2
  • FD1204SN
  • FD1204SN-R2
  • FD1208S-R2
  • FD1216S-R1
  • FD1608GS
  • FD1608SN
  • FD1616GS
  • FD1616SN
  • FD8000
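
An added example (not from the original post or from the researchers): a defender-side audit that matches an asset inventory against the affected model list above and checks whether Telnet (TCP/23) answers from the auditing host. The inventory, its column names and the IP addresses are constructed, and exact matching on the model number is an assumption.

```python
import csv
import io
import socket

# Model numbers copied from the list of affected devices above.
VULNERABLE_MODELS = {
    "72408A", "9008A", "9016A", "92408A", "92416A", "9288", "97016",
    "97024P", "97028P", "97042P", "97084P", "97168P", "FD1002S", "FD1104",
    "FD1104B", "FD1104S", "FD1104SN", "FD1108S", "FD1108SN", "FD1204S-R2",
    "FD1204SN", "FD1204SN-R2", "FD1208S-R2", "FD1216S-R1", "FD1608GS",
    "FD1608SN", "FD1616GS", "FD1616SN", "FD8000",
}

# Constructed sample inventory (hypothetical column names, documentation IPs).
SAMPLE_INVENTORY = """name,brand,model,mgmt_ip
olt-north,C-Data,fd1104sn,192.0.2.10
olt-south,V-SOL CN,FD1616GS ,192.0.2.11
olt-lab,OtherVendor,X1000,192.0.2.12
"""

def is_affected(model):
    """Assumption: the inventory records the model number as listed above."""
    return model.strip().upper() in VULNERABLE_MODELS

def telnet_reachable(host, port=23, timeout=2.0):
    """True if a TCP connection to the Telnet port succeeds from this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory_csv, probe=telnet_reachable):
    """Return (name, model, ip, severity) for each affected device."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not is_affected(row["model"]):
            continue
        exposed = probe(row["mgmt_ip"])
        severity = ("critical: Telnet reachable" if exposed
                    else "affected: Telnet filtered from here")
        findings.append((row["name"], row["model"].strip().upper(),
                         row["mgmt_ip"], severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Run it from each network segment that should not reach the OLT management plane (WAN side and ONT side); a "filtered" result only describes the vantage point it was run from.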