Saturday, February 20, 08:40
Home security Backdoors and vulnerabilities were discovered in FiberHome routers

Backdoors and vulnerabilities were discovered in FiberHome routers

Backdoors and other vulnerabilities have been discovered in the firmware of a popular FiberHome FTTH ONT router. FTTH ONT stands for Fiber-to-the-Home Optical Network Terminal and are special devices located at the end of fiber optic cables. Their role is to convert optical signals sent over fiber optic cables to standard Ethernet or wireless connections (Wi-Fi).

FiberHome

FTTH ONT routers are usually installed in apartment buildings or in homes or businesses that choose gigabit subscriptions.

In a report published last week, security researcher Pierre Kim said he had spotted a large collection of security issues on the FiberHome HG6245D and FiberHome RP2602, two FTTH ONT router models developed by Chinese company FiberHome Networks.

Η reference describes both the pros and cons of both router models and their firmware.

For example, the positives are that both devices do not expose the control panel via the external IPv4 interface, making it impossible to attack against the web panel through Internet. In addition, the ability to manage Telnet, which is often used by botnets, is also disabled by default.

However, Kim says that FiberHome engineers apparently failed to enable these protection features in the routers' IPv6 interface. Kim notes that the device firewall is only active in the IPv4 interface and not in IPv6, allowing the threat agents to have direct access to all the router's internal services, as long as they know the IPv6 address device.

Kim described many backdoors and vulnerabilities he discovered in the device, which he claims could have been compromised by intruders to take over the ISP infrastructure.

Based on the number and nature of backdoors she discovered within her firmware device, Kim said he believes “that some backdoors have been deliberately placed by company. "

Kim said he found these issues in January 2020 and informed the company immediately. The researcher could not determine if the errors as it has not tested the latest firmware versions since.

In addition, the researcher also warns that the same backdoors or vulnerabilities could also affect other FiberHome models due to the fact that most vendors tend to reuse or slightly process the firmware between different production lines.

It is extremely urgent to protect FiberHome routers. At the end of 2019, Qihoo 360 security researchers reported that the threatening agents had already misused the FiberHome systems for assembling botnets, which are used as proxies.

In May 2020, the US Department of Commerce added FiberHome and eight other Chinese tech companies to a blacklist restricting access to US companies.

Source of information: zdnet.com

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...

What are the 6 most known attacks on gaming companies?

A few days ago, the gaming company Big Huge Games informed the players that it was the victim of an attack, which affected its data ...

Xbox gift cards are sold at a 10% discount on Amazon

Xbox owners can save some money on games, add-ons, subscriptions and more if they buy Xbox gift cards at ...

Perseverance: NASA spacecraft lands on Mars!

The spacecraft "Perseverance" successfully landed yesterday, shortly before 11 pm Greek time on Mars. Aim of this mission of ...

YouTube: You can play 4K videos on devices with low resolution screens

Youtube application on Android allows you to play videos up to 4K resolution. All you need is a phone with ...

Top positions Software Engineering and coding skills for 2021

Due to COVID-19, recruitment efforts and employment opportunities fell sharply last year. However, the technology industry has proven to be more resilient ...
00:10:13

Phishing emails: How to recognize them and how to protect yourself?

https://www.youtube.com/watch?v=iME-CzlKVzc Το phishing είναι ίσως η μεγαλύτερη απειλή στον κυβερνοχώρο εδώ και περισσότερα από πέντε χρόνια. Γι΄...

US and UK condemn Facebook for blocking Australia

Politicians, news agents and civil rights groups in the UK and US have targeted Facebook for its decision to ...

Vaio Z (2021) Released - What are its specifications?

The Vaio Z (2021) was released as the last laptop of Vaio Corporation based in Japan. The laptop comes with a border ...