Back door potentially discovered in firmware of FTTH C Data devices

BlkAbysss · July 10, 2020

The original report discusses how to extract admin credentials, allowing an attacker to eventually run root level commands. To get the credentials you need access to the WAN or FTTH LAN interface.

I have minimal understanding in networking, and am curious about the feasibility of the attack. Does this attack rely on direct access to the devices, or can these WAN ports be found through the ISP’s network?

Summary Article:

https://www.zdnet.com/google-amp/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/

Original GitHub report:

https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html

Windows7ge · July 10, 2020

If the WAN interface of the device holds the Public IP of the private network(s) behind it then yes this could be exploited from anywhere in the world where you can reach that Public IP. You don't require physical access if that is the case unless it's some sort of physical MITM attack.

Jarsky · July 10, 2020

Unlikely that the OLT's have public IP's. Typically management of these devices is done with DHCP on a private network and TR-069 for the ISP that has deployed them to manage them.