CVE-2021-27145 in HG6245D
Summary
by MITRE
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.
Analysis
by VulDB Data Team • 02/28/2021
CVE-2021-27145 affects FiberHome HG6245D broadband routers running firmware version RP2613 and earlier. It is a critical flaw in the device's authentication mechanism: administrative credentials are hardcoded in the web daemon component, embedded directly in the firmware rather than generated per device or secured during provisioning. Anyone who knows them obtains administrative access without passing through any legitimate authentication process.
Because the credentials are baked into the firmware, they persist across deployments and updates and cannot be removed through ordinary configuration changes, which makes the issue especially hard to remediate. The web daemon listens for incoming connections and serves HTTP requests; with the hardcoded username "admin" and password "lnadmin", any attacker who can reach the device's web interface can authenticate and take full administrative control. This is a textbook instance of CWE-798, Use of Hard-coded Credentials. The flaw sits at the application layer of the device's software stack, in the web-based management interface used for configuration and monitoring.
The operational impact of this vulnerability extends far beyond simple unauthorized access, as it provides attackers with complete control over the network infrastructure device. An attacker with administrative access can modify network configurations, redirect traffic, install malicious firmware, or establish persistent backdoors within the network. This vulnerability directly enables several attack patterns described in the MITRE ATT&CK framework, particularly those related to credential access and privilege escalation. The attack surface is significantly broadened since these devices are typically deployed in residential and small business environments where network security is often inadequate, making them prime targets for exploitation. The vulnerability also affects the device's ability to maintain secure network operations, as the hardcoded credentials provide an unauthenticated attack vector that can be exploited remotely.
Mitigation requires immediate action. Administrators should change the default administrative credentials on affected devices where the interface allows it, but since the credentials are hardcoded this will often have no effect. The effective fix is a firmware update from FiberHome that removes the hardcoded credentials; the update should be verified to actually remove them rather than replace them with a new hardcoded value. Until then, network segmentation and firewall rules should restrict access to the device's web interface from untrusted networks, and monitoring should be in place to detect unauthorized access attempts. Organizations should also inventory their networks to identify every affected device and adopt device lifecycle management practices that keep devices with hardcoded credentials out of production. The vulnerability underlines the importance of secure development practices and regular security testing to catch such flaws before malicious actors can exploit them.
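The monitoring and segmentation advice above can be turned into a simple detection check. The following Python script is an added example, not code from VulDB or FiberHome: it parses web-daemon access log lines, flags any activity by the hardcoded "admin" account that reaches the management interface from outside an allowlisted management subnet, and gives lower-severity warnings for other logins from untrusted sources, which indicate that the firewall rules are not doing their job. The log layout, the management subnet and the sample lines are all constructed assumptions; the real HG6245D log format is not documented on this page, so adapt `LINE_RE` to whatever your syslog collector actually receives.

```python
import ipaddress
import re
from collections import Counter

# Assumed management subnet allowed to reach the router's web interface;
# replace with the real management network(s).
MANAGEMENT_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Username half of the credential pair named in CVE-2021-27145. Only the
# username appears in access logs; the password never should.
HARDCODED_USER = "admin"

# Constructed sample log lines in a generic "timestamp src user action status"
# layout (assumption: the actual HG6245D web-daemon log format is not on the page).
SAMPLE_LOG = """\
2021-02-28T10:01:02Z 192.168.1.20 admin login success
2021-02-28T10:05:44Z 203.0.113.45 admin login success
2021-02-28T10:05:45Z 203.0.113.45 admin login failure
2021-02-28T10:06:00Z 198.51.100.7 user1 login failure
2021-02-28T10:07:13Z 203.0.113.45 admin config_change success
this line is not in the expected format
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<user>\S+) (?P<action>\S+) (?P<status>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
    except ValueError:
        return None  # unparsable source address: ignore rather than crash
    return rec


def is_management(addr):
    """True if addr (string or ip_address) lies inside an allowlisted subnet."""
    addr = ipaddress.ip_address(addr)
    return any(addr in net for net in MANAGEMENT_NETS)


def find_suspicious(log_text):
    """Return alert dicts for web-interface activity from outside the management nets.

    Any use of the hardcoded admin account from an untrusted source is rated
    'critical'; any other untrusted login is a 'warning' because the firewall
    rules should have blocked it in the first place.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or is_management(rec["src"]):
            continue
        severity = "critical" if rec["user"] == HARDCODED_USER else "warning"
        alerts.append(
            {
                "severity": severity,
                "ts": rec["ts"],
                "src": str(rec["src"]),
                "user": rec["user"],
                "action": rec["action"],
                "status": rec["status"],
            }
        )
    return alerts


def summarize(alerts):
    """Count alerts per source address, to spot the noisiest untrusted host."""
    return Counter(a["src"] for a in alerts)


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_LOG)
    for a in found:
        print(f"[{a['severity'].upper()}] {a['ts']} {a['src']} user={a['user']} "
              f"{a['action']} {a['status']}")
    print("per-source:", dict(summarize(found)))
```

Run against a log export, the script prints one line per alert and a per-source tally; a successful "admin" login or configuration change from an address outside the management subnet is exactly the signal that the hardcoded credential is being used remotely, and a steady stream of warnings from one source means the firewall rule restricting the web interface is missing or misapplied.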