sb-nz logo
Story image

C-DATA OLT firmware has intentional backdoors, allege researchers

13 Jul 2020

A range of optical line termination (OLT) devices made by China-based manufacturer and vendor C-DATA may be riddled with vulnerabilities and backdoors.

These OLT devices provide fibre-to-the-home (FTTH) connectivity to clients through optical network terminals (ONTs).  These devices are commonly used by telecommunications and internet service providers to deliver internet to their customers.

Security researchers Pierre Kim and Alexandre Torres published details of the vulnerabilities in a blog last week, stating that the OLTs have evident backdoors that could allow an attacker to take over with complete administrator access.

The affected C-Data OLTs are badged as different brands including BLIY, Cdata, OptiLink, and V-SOL CN. According to the researchers, all available OLT models across these brands are affected.

The researchers used two OLT devices, the FD1104B and FD110SN and the relevant up-to-date firmware versions ((V1.2.2 and 2.4.05_000, 2.4.04_001 and 2.4.03_000 respectively) to validate the vulnerabilities.

One vulnerability relates to a telnet server running in the device. It is accessible from the WAN interface and from the FTTH LAN interface (from the ONTs). allows attackers to gain CLI access using a number of different login credentials. These credentials differ depending on what firmware the device is running.

After an attacker has gained CLI access, they can then access administrator credentials by running a simple command.

The attacker can then conduct a command injection within the CLI, which allows an attacker to execute commands as root.

Furthermore, an attacker can also execute denial of services, telnet credentials, web credentials, and SNMP communities.

Researchers say that the devices also include a weak custom encryption algorithm. 

Because the devices rely on remote management through HTTP, telnet and SNMP, there is no secure support through the likes of SSL/TLS for HTTP, or SSH.  The researchers say attackers can intercept passwords send in plain text, and then operate man-in-the-middle (MITM) attacks against the devices.

The researchers believe that some of these backdoors are not mistakes.

“Full disclosure is applied as we believe some backdoors are intentionally placed by the vendor,” they conclude.

As at 13 July 2020, C-Data has not made any public announcement about the vulnerabilities. 

The researchers name the affected devices below.

“Using static analysis, these vulnerabilities also appear to affect all available OLT models as the codebase is similar:

  • 72408A
  • 9008A
  • 9016A
  • 92408A
  • 92416A
  • 9288
  • 97016
  • 97024P
  • 97028P
  • 97042P
  • 97084P
  • 97168P
  • FD1002S
  • FD1104
  • FD1104B
  • FD1104S
  • FD1104SN
  • FD1108S
  • FD1204S-R2
  • FD1204SN
  • FD1204SN-R2
  • FD1208S-R2
  • FD1216S-R1
  • FD1608GS
  • FD1608SN
  • FD1616GS
  • FD1616SN
  • FD8000
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
Women in cybersecurity – what is holding us back?
A robust and diverse workforce with wide-ranging skills and depth of experience is essential for providing balance, safety and continuity to both the industry and countries at large. More
Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Story image
Nokia: Cyber attacks on internet-connected devices on the rise
Cyberattacks on internet-connected devices continue to rise at an alarming rate due to poor security protections.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More