A security researcher has found numerous security vulnerabilities in FiberHome routers. Some of these vulnerabilities might also affect other routers besides the tested ones. While some of them may be inadvertent bugs, other flaws look more like intentional backdoors.
Vulnerabilities In FiberHome Routers
Security researcher Pierre Kim has shared a detailed report on his findings highlighting numerous flaws with FiberHome devices. Specifically, he noticed at least 28 different security vulnerabilities affecting multiple FiberHome routers.
FiberHome Networks is a Chinese networking and telecommunication giant that produces networking equipment, including routers, for vendors globally.
Briefly, Kim identified the security issues in FTTH ONT router firmware while testing the models FiberHome HG6245D and FiberHome RP2602. However, given the similarity of the codebase, the researcher suspects that these issues may also impact other models.
As observed, the router firmware prevents web panel abuse by protecting the IPv4 interface. It also repels botnet threats by disabling the Telnet management feature by default.
However, the router lacks the same measures for the IPv6 interface. Thus, anyone with access to the IPv6 address can exploit the device.
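The gap described above (filtering applied to IPv4 but not IPv6) can be checked by comparing the two rule sets. The following is an added example, not code from the researcher's report or from FiberHome firmware; it assumes a Linux-based device whose rules can be dumped in iptables-save / ip6tables-save format, and the rule dumps and the interface name wan0 are constructed samples.

```python
import re

# Constructed sample dumps in iptables-save format (not from any real device).
V4_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i wan0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i wan0 -p tcp -m tcp --dport 443 -j DROP
-A INPUT -i wan0 -p tcp -m tcp --dport 23 -j DROP
COMMIT
"""
V6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i wan0 -p tcp -m tcp --dport 443 -j DROP
COMMIT
"""

RULE = re.compile(r"^-A INPUT\b(?P<body>.*)\s-j (?:DROP|REJECT)\b")

def blocked_ports(dump):
    """Return the set of (proto, port) that INPUT rules drop or reject."""
    blocked = set()
    for line in dump.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        proto = re.search(r"-p (\w+)", m["body"])
        ports = re.search(r"--dports? ([\d,:]+)", m["body"])
        if not (proto and ports):
            continue
        for item in ports[1].split(","):  # multiport lists and lo:hi ranges
            lo, _, hi = item.partition(":")
            for port in range(int(lo), int(hi or lo) + 1):
                blocked.add((proto[1], port))
    return blocked

def default_policy(dump):
    m = re.search(r"^:INPUT (\w+)", dump, re.M)
    return m[1] if m else "ACCEPT"

def ipv6_gaps(v4_dump, v6_dump):
    """Ports filtered on IPv4 that remain reachable over IPv6."""
    if default_policy(v6_dump) == "DROP":
        return []  # default-deny on IPv6 (explicit ACCEPT rules not modelled)
    return sorted(blocked_ports(v4_dump) - blocked_ports(v6_dump))

if __name__ == "__main__":
    for proto, port in ipv6_gaps(V4_RULES, V6_RULES):
        print(f"{proto}/{port}: filtered on IPv4, not filtered on IPv6")
```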
Kim also found other vulnerabilities that allow taking over the ISP infrastructure. These include leakage of the device’s MAC address, which also allows Telnet connections via maliciously crafted HTTPS requests; storage of passwords and cookies in plaintext; exposure of the SSL certificate stored on the device, which permits MiTM attacks; and 22 hardcoded credentials in the management panel.
Moreover, other vulnerabilities triggering privilege escalation, authentication bypass, and DoS attacks also exist.
Are Patches Available?
The researcher found these vulnerabilities in early 2020. He publicly disclosed the bugs only recently, and he opted for full disclosure owing to the suspected intentional backdoors.
Full-disclosure is applied as it is believed that some backdoors have been intentionally placed by the vendor.
It remains unclear whether the vendors have addressed any or all of the bugs in the latest firmware. The vendors haven’t released any official statement yet in this regard.