Backdoors and other vulnerabilities have been discovered in the firmware of a popular FiberHome FTTH ONT router. FTTH ONT stands for Fiber-to-the-Home Optical Network Terminal and are special devices located at the end of fiber optic cables. Their role is to convert optical signals sent over fiber optic cables to standard Ethernet or wireless connections (Wi-Fi).
FTTH ONT routers are usually installed in apartment buildings or in homes or businesses that choose gigabit subscriptions.
In a report published last week, security researcher Pierre Kim said he had spotted a large collection of security issues on the FiberHome HG6245D and FiberHome RP2602, two FTTH ONT router models developed by Chinese company FiberHome Networks.
Η reference describes both the pros and cons of both router models and their firmware.
For example, the positives are that both devices do not expose the control panel via the external IPv4 interface, making it impossible to attack against the web panel through Internet. In addition, the ability to manage Telnet, which is often used by botnets, is also disabled by default.
However, Kim says that FiberHome engineers apparently failed to enable these protection features in the routers' IPv6 interface. Kim notes that the device firewall is only active in the IPv4 interface and not in IPv6, allowing the threat agents to have direct access to all the router's internal services, as long as they know the IPv6 address device.
Kim described many backdoors and vulnerabilities he discovered in the device, which he claims could have been compromised by intruders to take over the ISP infrastructure.
Kim said he found these issues in January 2020 and informed the company immediately. The researcher could not determine if the errors as it has not tested the latest firmware versions since.
In addition, the researcher also warns that the same backdoors or vulnerabilities could also affect other FiberHome models due to the fact that most vendors tend to reuse or slightly process the firmware between different production lines.
It is extremely urgent to protect FiberHome routers. At the end of 2019, Qihoo 360 security researchers reported that the threatening agents had already misused the FiberHome systems for assembling botnets, which are used as proxies.
In May 2020, the US Department of Commerce added FiberHome and eight other Chinese tech companies to a blacklist restricting access to US companies.
Source of information: zdnet.com