
C-DATA OLT firmware has intentional backdoors, allege researchers

13 Jul 2020

A range of optical line termination (OLT) devices made by China-based manufacturer and vendor C-DATA may be riddled with vulnerabilities and backdoors.

These OLT devices provide fibre-to-the-home (FTTH) connectivity to clients through optical network terminals (ONTs).  These devices are commonly used by telecommunications and internet service providers to deliver internet to their customers.

Security researchers Pierre Kim and Alexandre Torres published details of the vulnerabilities in a blog last week, stating that the OLTs have evident backdoors that could allow an attacker to take over with complete administrator access.

The affected C-Data OLTs are badged as different brands including BLIY, Cdata, OptiLink, and V-SOL CN. According to the researchers, all available OLT models across these brands are affected.

The researchers used two OLT devices, the FD1104B and FD110SN, and the relevant up-to-date firmware versions (V1.2.2 and 2.4.05_000, 2.4.04_001 and 2.4.03_000 respectively) to validate the vulnerabilities.

One vulnerability relates to a telnet server running in the device. It is accessible from the WAN interface and from the FTTH LAN interface (from the ONTs), and allows attackers to gain CLI access using a number of different login credentials. These credentials differ depending on what firmware the device is running.

After an attacker has gained CLI access, they can then access administrator credentials by running a simple command.

The attacker can then conduct a command injection within the CLI, which allows an attacker to execute commands as root.

Furthermore, an attacker can also carry out denial of service and expose telnet credentials, web credentials, and SNMP communities.

Researchers say that the devices also include a weak custom encryption algorithm. 

The devices rely on remote management through HTTP, telnet and SNMP, with no support for secure alternatives such as SSL/TLS for HTTP, or SSH. The researchers say attackers can intercept passwords sent in plain text, and then carry out man-in-the-middle (MITM) attacks against the devices.
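For operators, the two exposure points described above (management reachable from the WAN or subscriber side, and management carried in clear text) can be checked against flow logs. The following is an added example, not code from the article or from the researchers; the OLT addresses, management network and flow record format are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (constructed for this example, not taken from the article):
OLT_MGMT_IPS = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}
MGMT_NET = ip_network("10.99.0.0/24")  # only network allowed to manage OLTs
# Cleartext management services the article names.
CLEARTEXT = {("tcp", 23): "telnet", ("tcp", 80): "http", ("udp", 161): "snmp"}

# Constructed flow records: time, source, destination, protocol, dest port
SAMPLE_FLOWS = """\
2020-07-13T02:10:01Z,203.0.113.50,10.20.0.11,tcp,23
2020-07-13T02:10:05Z,10.99.0.7,10.20.0.11,tcp,80
2020-07-13T02:11:00Z,100.64.3.9,10.20.0.12,udp,161
2020-07-13T02:12:00Z,10.99.0.7,10.20.0.12,tcp,22
2020-07-13T02:13:00Z,203.0.113.50,10.30.0.5,tcp,23
"""

def audit_flows(text):
    """Return findings for cleartext management traffic reaching an OLT."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport = row
        service = CLEARTEXT.get((proto.lower(), int(dport)))
        if service is None or ip_address(dst) not in OLT_MGMT_IPS:
            continue  # not a cleartext management flow to an OLT
        if ip_address(src) in MGMT_NET:
            # Permitted source, but credentials cross the wire unencrypted.
            severity = "cleartext"
        else:
            # WAN or subscriber-side source reached a management service.
            severity = "exposed"
        findings.append({"time": ts, "src": src, "dst": dst,
                         "service": service, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        print(f"{f['severity']:9} {f['service']:6} "
              f"{f['src']} -> {f['dst']} at {f['time']}")
```

"exposed" findings call for filtering at the network edge and on the subscriber-facing side; "cleartext" findings call for moving management onto an isolated or tunnelled path, since the article reports the devices offer no encrypted alternative.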

The researchers believe that some of these backdoors are not mistakes.

“Full disclosure is applied as we believe some backdoors are intentionally placed by the vendor,” they conclude.

As at 13 July 2020, C-Data has not made any public announcement about the vulnerabilities. 

The researchers name the affected devices below.

“Using static analysis, these vulnerabilities also appear to affect all available OLT models as the codebase is similar:

  • 72408A
  • 9008A
  • 9016A
  • 92408A
  • 92416A
  • 9288
  • 97016
  • 97024P
  • 97028P
  • 97042P
  • 97084P
  • 97168P
  • FD1002S
  • FD1104
  • FD1104B
  • FD1104S
  • FD1104SN
  • FD1108S
  • FD1204S-R2
  • FD1204SN
  • FD1204SN-R2
  • FD1208S-R2
  • FD1216S-R1
  • FD1608GS
  • FD1608SN
  • FD1616GS
  • FD1616SN
  • FD8000”