C-Data OLT Devices Found Containing Backdoor Accounts

Backdoor entries identified

• The vulnerabilities could lead to backdoor access via Telnet, allowing an attacker to connect to the device via a Telnet server running on the device's WAN (internet-facing) interface.
• The vulnerabilities allow an attacker to gain complete administrator CLI access, and list list credentials in cleartext in the Telnet CLI for all the other device administrators. Researchers also found that attackers could also exploit it to execute shell commands with root privileges and perform pre-auth remote denial of service (DoS).
• The devices also used a weak encryption algorithm to store encrypted passwords and the management interface did not support SSL/TLS for HTTP or SSH, thereby leaving the door open for attackers to perform man-in-the-middle attacks (MITM) attacks.
• These vulnerabilities may also impact other devices running similar firmware. It is believed that some of the backdoors were intentionally placed in the firmware by the vendor.

Network devices at risk

• In July 2020, a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) was found exploiting a vulnerability (CVE-2020-10173) in specific versions of IP cameras, smart TVs, and routers, among other devices.
• In June 2020, a new Mozi variant included several known malware families in its distribution chain and targeted IoT devices, predominantly routers, and DVRs.
• In the same month, a firmware flaw in some home routers, sold by Japanese networking and storage firm Buffalo and its US subsidiary Buffalo Americas, made the devices vulnerable to cyberattacks.

Best practices