Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

guest · Jul 10, 2020

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data
The backdoor accounts grant access to a secret Telnet admin account
July 10, 2020
https://www.zdnet.com/article/backd...n-29-ftth-devices-from-chinese-vendor-c-data/

Two security researchers said this week that they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from popular vendor C-Data.

FTTH stands for Fiber-To-The-Home, while OLT stands for Optical Line Termination.
As their name hints, these devices are the termination on a fiber optics network, converting data from an optical line into a classic Ethernet cable connection that's then plugged in a consumer's home, data centers, or business centers.
SEVEN VERY SEVERE VULNERABILITIES
In a report published this week, security researchers Pierre Kim and Alexandre Torres said they discovered seven vulnerabilities in the firmware of FTTH OLT devices manufactured by Chinese equipment vendor C-Data.
Click to expand...

Kim and Torres said they confirmed the vulnerabilities by analyzing the latest firmware running on two devices, but they believe that the same vulnerabilities impact 27 other FTTH OLT models, as they run similar firmware.

The vulnerabilities are as bad as it gets, but by far, the worst and most disturbing of the seven is the presence of Telnet backdoor accounts hardcoded in the firmware.
FULL DISCLOSURE
Kim and Torres said they published their findings today without notifying the vendor as they believe some of the backdoors were intentionally placed in the firmware by the vendor.
Click to expand...

Multiple vulnerabilities found in CDATA OLTs

The CDATA OLTs are OEM FTTH OLTs, sold under different brands (Cdata, OptiLink, V-SOL CN, BLIY), allowing to provide FTTH connectivity to a large number of clients (using ONTs). Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients).
Click to expand...

Log in or Sign up

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

guest Guest

Log in or Sign up

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

guest Guest

Useful Searches