silversurfer
Security researchers have discovered backdoors impacting a total of 29 Fiber-To-The-Home (FTTH) Optical Line Terminal (OLT) devices from Chinese vendor C-Data.
The company’s OLTs are available for purchase under various brands, including BLIY, OptiLink, V-SOL CN, and C-Data, delivering connectivity to numerous clients (up to 1024 in some cases), with some of the affected devices even supporting multiple 10-gigabit uplinks.
Security researchers Pierre Kim and Alexandre Torres discovered that the FD1104B and FD1108SN OLTs are impacted by several vulnerabilities, including a telnet server accessible from both the WAN and the FTTH LAN interfaces.
The backdoor credentials were found to differ between firmware versions (identified pairs include suma123/panger123, guest/[empty], root/root126, debug/debug124) and vendors, but they do provide access to the affected devices.
An attacker with backdoor access to the OLT can extract administrator credentials through the command-line interface (CLI), the researchers also discovered. The attacker can then leverage the working CLI access to execute commands as root and exfiltrate information using the embedded webserver.