Vulnerabilities > CVE-2021-27173 - Unspecified vulnerability in Fiberhome Hg6245D Firmware Rp2613

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

fiberhome

NVD

Published: 2021-02-10

Updated: 2022-07-12

Summary

An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).

Vulnerable Configurations

Part	Description	Count
OS	Fiberhome Fiberhome Hg6245D Firmware Rp2613	1
Hardware	Fiberhome Fiberhome Hg6245D -	1

References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-infoleak