C-Data OLT Devices Found Containing Backdoor Accounts

For people who suspect that most China-made hardware products can be compromised, there is a new discovery to consider. Security researchers have identified intentional backdoors in FTTH OLT devices, one of the most widespread types of networking equipment.

Backdoor entries identified

Security researchers Pierre Kim and Alexandre Torres discovered seven vulnerabilities in several firmware versions (v1.2.2, 2.4.05_000, 2.4.04_001 and 2.4.03_000) of 29 FTTH OLT devices from the popular Chinese vendor C-Data.
  • The vulnerabilities could lead to backdoor access via Telnet, allowing an attacker to connect to the device via a Telnet server running on the device's WAN (internet-facing) interface.
  • The vulnerabilities allow an attacker to gain complete administrator CLI access and to list the credentials of all other device administrators in cleartext from the Telnet CLI. Researchers also found that attackers could exploit them to execute shell commands with root privileges and perform pre-authentication remote denial of service (DoS).
  • The devices also used a weak encryption algorithm to store passwords, and the management interface did not support SSL/TLS for HTTP or SSH, thereby leaving the door open for attackers to perform man-in-the-middle (MITM) attacks.
  • These vulnerabilities may also impact other devices running similar firmware. It is believed that some of the backdoors were intentionally placed in the firmware by the vendor.

Network devices at risk

Attackers often abuse network devices to gain illegitimate access and then remotely control them. Recently, several threat actors have been seen going after popular routers and IoT devices in targeted attacks.
  • In July 2020, a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) was found exploiting a vulnerability (CVE-2020-10173) in specific versions of IP cameras, smart TVs, and routers, among other devices.
  • In June 2020, a new Mozi variant included several known malware families in its distribution chain and targeted IoT devices, predominantly routers and DVRs.
  • In the same month, a firmware flaw in some home routers, sold by Japanese networking and storage firm Buffalo and its US subsidiary Buffalo Americas, made the devices vulnerable to cyberattacks.

Best practices

Users should change their network device credentials frequently and use SSH for device management. It is also advised to limit the IP ranges that can manage the network infrastructure and to disable unused network ports.
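One way to make the last two recommendations checkable is to audit management-plane access logs against an allowlist of management subnets and a list of protocols that should never be used. The example below is added here and is not from the article or from any vendor; the log format, the management subnet and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical management subnet; in practice this comes from your own network plan.
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.100.0/24")]

# Protocols the article singles out as unprotected on these devices.
CLEARTEXT_SERVICES = {"telnet", "http"}

# Constructed sample log lines (not real C-Data output). Addresses are from
# documentation ranges.
SAMPLE_LINES = [
    "2020-07-10T12:00:01Z device=olt-01 service=ssh src=10.0.100.5 user=admin result=ok",
    "2020-07-10T12:03:44Z device=olt-01 service=telnet src=198.51.100.23 user=admin result=ok",
    "2020-07-10T12:05:09Z device=olt-02 service=http src=10.0.100.7 user=operator result=ok",
    "2020-07-10T12:06:30Z device=olt-02 service=ssh src=203.0.113.8 user=admin result=fail",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a 'key=value' management-access log line into a dict."""
    fields = dict(_KV.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields


def audit_line(line: str, allowed_nets=MANAGEMENT_NETS) -> list:
    """Return the policy violations found in one log line (empty list if none)."""
    f = parse_line(line)
    findings = []
    if f.get("service", "").lower() in CLEARTEXT_SERVICES:
        findings.append(f"cleartext management protocol: {f['service']}")
    try:
        src = ipaddress.ip_address(f.get("src", ""))
    except ValueError:
        findings.append("unparseable source address")
        return findings
    if not any(src in net for net in allowed_nets):
        findings.append(f"source {src} outside management allowlist")
    return findings


def audit(lines, allowed_nets=MANAGEMENT_NETS) -> list:
    """Audit many lines; return [(line, findings)] only for lines that violate policy."""
    report = []
    for line in lines:
        findings = audit_line(line, allowed_nets)
        if findings:
            report.append((line, findings))
    return report


if __name__ == "__main__":
    for line, findings in audit(SAMPLE_LINES):
        print(line)
        for finding in findings:
            print("   -", finding)
```

The same allowlist belongs in the device's own access control list or an upstream firewall so that out-of-range management attempts are refused rather than merely logged; the audit is the check that the restriction is actually in force, and a WAN-side Telnet login such as the second sample line is exactly the event that should never appear once it is.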