Thursday, August 6, 00:23
Home security C-Data FTTH OLT devices contain backdoors

C-Data FTTH OLT devices contain backdoors

Serious vulnerabilities and backdoors discovered two security researchers in firmware 29 devices FTTH OLT, the popular equipment provider C-Data.

FTTH

The term FTTH OLT refers to networking equipment that allows Internet service providers to bring fiber optic cables as close as possible to the finals. users.

These Appliances form the terminal in a network of optical fibers, which convert them data from a line of sight to a classic Ethernet cable connection, which is then connected to the home, data centers or business centers of the consumer.

These devices are all over the place network of an ISP and because of their critical role, you are also one of the most common types of networking devices today.

Security researchers Pierre Kim and Alexandre Torres have discovered seven vulnerabilities in the firmware of FTTH OLT devices, manufactured by the Chinese equipment supplier C-Data, and believe they affect 29 FTTH OLT models using similar firmware.

The most serious of the seven flaws is the presence of backdoor accounts built into the firmware.

hacker

Accounts allow invaders connect to the device via a Telnet server running on the device's WAN interface. Kim and Torres said the accounts give the attackers full access to a CLI administrator.

The two researchers said they discovered four combinations of username and password hidden in the C-Data firmware.

  1. suma123 / panger123
  2. debug / debug124
  3. root / root126
  4. visitor / [blank]

However, according to researchers access could also be used to exploit other vulnerabilities. For example, an intruder could also take advantage of a second error to list credartext credentials in Telnet CLI and for all other device administrators, which could be used later if the backdoor account is removed.

You can see the detailed research here.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Why the Edge crashed with Google's default search engine

An explanation has been given by Microsoft, regarding the error that caused the collapse of the Edge, when Google was set ...

Waymo: 18 months in prison for the employee who stole the data!

Anthony Levandowski, former chief engineer of Waymo, was sentenced to 18 months in prison for stealing confidential data from Google.
00:02:16

Call of Duty Warzone: The game's hackers have grown exponentially

While cheats are a long-standing problem for Call of Duty: Warzone, they seem to be commonplace in the game.

SEE LIVE NOW: Presentation of the Samsung Galaxy Note 20 5G

Watch live now on YouTube the presentation of Samsung's new product, the Galaxy Note 20 5G. SEE ...

Remote Work means more hours and meetings

The massive shift to remote work since the pandemic began brought several upheavals: more flexibility, no routes, comfortable clothes.

Microsoft spent nearly $ 14 million on Bug Bounty

In a statement on Tuesday, Microsoft said it had spent about $ 13,7 million on bug bounty programs ...

More than 50 vulnerabilities are fixed on Android

On Monday, Google released security updates for August 2020. The updates concern the Android operating system, with code updates ...

Kodak: Under investigation for $ 765 million loan?

Trading on the Kodak Stock Exchange rose shortly before the announcement of the $ 765 million loan for the production of drugs.

DNS-over-HTTPS (DoH) Protocol: The new "weapon" of Iranian APT hackers!

The Iranian APT hackers of the group known as "Oilrig", are the first to integrate the DNS-over-HTTPS (DoH) protocol in ...

NSA: Warns about the dangers of location services

The US National Security Agency, NSA, warns about mobile location services and the dangers to national security and ...