PT-2021-17290 · Fiberhome · Fiberhome Hg6245D

Pierre Kim

Published

2021-02-10

Updated

2021-02-12

CVE-2021-27171

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: FiberHome HG6245D versions through RP2613

Description: An issue was discovered on FiberHome HG6245D devices, allowing an attacker to start a Linux telnetd as root on port 26/tcp. This can be achieved by using the CLI interface commands ddd and shell (or tshell).

Recommendations: For FiberHome HG6245D versions through RP2613, consider disabling the ddd and shell (or tshell) commands in the CLI interface as a temporary workaround until a patch is available. Restrict access to the CLI interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-27171

Affected Products

Fiberhome Hg6245D

PT-2021-17290 · Fiberhome · Fiberhome Hg6245D

CVE-2021-27171

Weakness Enumeration

Related Identifiers

Affected Products

References · 4