Around 28 Backdoors are reported in FiberHome FTTH ONT routers. FiberHome is a telecommunication technology company that provides information and communication network products. FiberHome gets establish in 1999, with a mission is to Maximize the Potential of Digital connections and for the benefit of society.

But, various vulnerabilities and more than 28 backdoor accounts are discovered in FTTH ONT router firmware, widely used by people of Southeast Asia and South America.

The FiberHome product named FTTH ONT stands for Fiber-to-the-home Optical-Network-Terminal. This device is fitted at the endpoint of optical fiber and its role is to convert the optical signals sent via fiber optics cables into WiFi or classic Ethernet connections. These devices are generally installed in an apartment building or home or organizations that choose the gigabit-subscriptions.

Now, you may think about what happens with FiberHome? Which vulnerabilities were discovered? What is the solution and many more? For this, you have to read the upcoming section.

How this All Started?

Last week, a security researcher Pierre Kim discovered multiple security issues with FiberHome HG6245D and RP2602, FTTH ONT router models manufactured by FiberHome networks.

According to the expert, the FiberHome engineers are failed to apply the protections to the router’s IPv6 interface. These devices’ firewall is only got activated on IPv4, not in IPv6. This would allow the attackers to get direct access to all the router’s internal services if they know about IPv6 address to access the device.

The security researcher also makes a complete list of all the backdoors and vulnerabilities present on the device, which signifies that the attackers may misuse and take over the ISP infrastructure which leads to several problems.

Now, go through the upcoming section to know about the vulnerabilities in detail.

List of Vulnerabilities Discovered?

According to the security researcher, these issues discovered mentioned below;

• It leaks the device details accessed from the browser with JavaScript disabled.
• It contains a backdoor mechanism that allows the attacker to access the device MAC address to start the Telnet connection to the router by transmitting the crafted request ie. [https://[ip]/telnet?enable=0&key=calculated(BR0_MAC)].
• All the passwords and the authentication cookies for the admin panel are stored in cleartext in HTTP logs.
• The management interface is secured by hardcoded SSL certificates that preserved in the devices that can be downloaded and used by MitM and other attackers.
• The server management panel that deals with the list of 22 hardcoded details that were added by different internet service providers.
• Firmware included the hardcoded credentials while managing the device via TR-069 protocol.
• Multiple passwords of other routers are kept in cleartext inside the firmware

According to the number and nature of these hardcoded accounts inside the firmware the security researcher also said that some backdoors are intentionally placed by the vendor itself.

Along with that the researcher also warns that the vulnerabilities present could also affect other FiberHome models because all are connected through the network.

Summering Up

FiberHome is always compromised by these types of vulnerabilities even in May 2020, the United Stated government blacklist the FiberHome and eight other Chinese tech companies.

The US official also says that these companies were complicit in human rights violations and abuses committed. They have also forced labor and high-tech surveillance against the Uighursm ethnic Kazakhs and members of Muslim minority groups in XUAR.