The original report discusses how to extract admin credentials, allowing an attacker to eventually run root level commands. To get the credentials you need access to the WAN or FTTH LAN interface.
I have minimal understanding in networking, and am curious about the feasibility of the attack. Does this attack rely on direct access to the devices, or can these WAN ports be found through the ISP’s network?
Summary Article:
https://www.zdnet.com/google-amp/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
Original GitHub report:
https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html