The term FTTH OLT refers to networking equipment that allows Internet service providers to bring fiber optic cables as close as possible to the finals. users.
These Appliances form the terminal in a network of optical fibers, which convert them data from a line of sight to a classic Ethernet cable connection, which is then connected to the home, data centers or business centers of the consumer.
These devices are all over the place network of an ISP and because of their critical role, you are also one of the most common types of networking devices today.
Security researchers Pierre Kim and Alexandre Torres have discovered seven vulnerabilities in the firmware of FTTH OLT devices, manufactured by the Chinese equipment supplier C-Data, and believe they affect 29 FTTH OLT models using similar firmware.
The most serious of the seven flaws is the presence of backdoor accounts built into the firmware.
Accounts allow invaders connect to the device via a Telnet server running on the device's WAN interface. Kim and Torres said the accounts give the attackers full access to a CLI administrator.
The two researchers said they discovered four combinations of username and password hidden in the C-Data firmware.
- suma123 / panger123
- debug / debug124
- root / root126
- visitor / [blank]
However, according to researchers access could also be used to exploit other vulnerabilities. For example, an intruder could also take advantage of a second error to list credartext credentials in Telnet CLI and for all other device administrators, which could be used later if the backdoor account is removed.
You can see the detailed research here.