BlkAbysss

Back door potentially discovered in firmware of FTTH C Data devices

Recommended Posts

Posted · Original Poster (OP)

The original report discusses how to extract admin credentials, allowing an attacker to eventually run root level commands. To get the credentials you need access to the WAN or FTTH LAN interface.

I have minimal understanding in networking, and am curious about the feasibility of the attack. Does this attack rely on direct access to the devices, or can these WAN ports be found through the ISP’s network?


Summary Article:

https://www.zdnet.com/google-amp/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/

 

Original GitHub report:

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html


If the WAN interface of the device holds the public IP of the private network(s) behind it, then yes, this could be exploited from anywhere in the world where you can reach that public IP. You don't require physical access if that is the case, unless it's some sort of physical MITM attack.



Unlikely that the OLTs have public IPs. Typically, management of these devices is done with DHCP on a private network, and TR-069 is used by the ISP that has deployed them to manage them.

