CVE-2021-27171

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to start a telnet daemon with root privileges on FiberHome HG6245D devices by using specific CLI commands. This enables complete device compromise and potential network access. Affected are FiberHome HG6245D devices through firmware version RP2613.

💻 Affected Systems

Products:
  • FiberHome HG6245D
Versions: Through RP2613
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires CLI access to the device, which may be available via web interface or serial connection.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise leading to network infiltration, data interception, and use as a pivot point for attacking other network devices.

🟠 Likely Case

Local network attackers gain root access to the device, enabling configuration changes, traffic monitoring, and persistence.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to isolated device compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires CLI access but commands are simple and documented in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later than RP2613

Vendor Advisory: https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html

Restart Required: Yes

Instructions:

1. Check current firmware version.
2. Contact FiberHome for updated firmware.
3. Backup configuration.
4. Apply firmware update.
5. Reboot device.
6. Verify fix.

🔧 Temporary Workarounds

  • Disable CLI Access: Restrict or disable CLI interface access to prevent command execution
  • Network Segmentation: Isolate affected devices in separate VLAN with strict access controls

🧯 If You Can't Patch

  • Implement strict network access controls to limit device exposure
  • Monitor for telnet connections on port 26 and block suspicious activity

🔍 How to Verify

Check if Vulnerable:

Attempt to access CLI interface and execute 'ddd' and 'shell' or 'tshell' commands

Check Version:

Check device web interface or use CLI command to display firmware version

Verify Fix Applied:

Check firmware version is later than RP2613 and verify CLI commands no longer start telnetd

📡 Detection & Monitoring

Log Indicators:

  • CLI command execution logs showing 'ddd' or 'shell' commands
  • Telnet service startup on port 26

Network Indicators:

  • Unexpected telnet connections to port 26
  • Network scans targeting port 26

SIEM Query:

destination_port:26 AND protocol:telnet
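
The network indicators above, run as detection logic over flow records. This is an added example, not part of the original advisory: the log format, addresses, scan threshold and function names are constructed for illustration, and it matches on TCP destination port 26 alone because a sensor may not label traffic on a non-standard port as telnet.

```python
import re
from collections import defaultdict

# Constructed sample flow records (not from any real device or network).
SAMPLE_LOG = """\
2021-02-10T10:00:01Z SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP DPT=26 STATE=ESTABLISHED
2021-02-10T10:00:05Z SRC=192.168.1.77 DST=192.168.1.1 PROTO=TCP DPT=26 STATE=SYN
2021-02-10T10:00:05Z SRC=192.168.1.77 DST=192.168.1.2 PROTO=TCP DPT=26 STATE=SYN
2021-02-10T10:00:06Z SRC=192.168.1.77 DST=192.168.1.3 PROTO=TCP DPT=26 STATE=SYN
2021-02-10T10:00:09Z SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP DPT=443 STATE=ESTABLISHED
2021-02-10T10:00:11Z SRC=192.168.1.20 DST=192.168.1.1 PROTO=UDP DPT=26 STATE=NEW
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")
TELNETD_PORT = 26    # port named in the indicators above
SCAN_THRESHOLD = 3   # assumed: distinct targets from one source that count as a scan


def parse(line):
    """Return (timestamp, fields), or None for lines that are not flow records."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD.findall(rest))
    if not {"SRC", "DST", "PROTO", "DPT"} <= fields.keys() or not fields["DPT"].isdigit():
        return None
    return ts, fields


def detect(log_text, onts):
    """Flag TCP/26 traffic: sessions to known ONTs and sources sweeping port 26."""
    sessions, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, f = rec
        if f["PROTO"] != "TCP" or int(f["DPT"]) != TELNETD_PORT:
            continue
        targets[f["SRC"]].add(f["DST"])
        # An established session to a managed ONT is the "unexpected telnet connection".
        if f.get("STATE") == "ESTABLISHED" and f["DST"] in onts:
            sessions.append((ts, f["SRC"], f["DST"]))
    # One source probing port 26 on many hosts is the "network scan" indicator.
    scanners = sorted(s for s, d in targets.items() if len(d) >= SCAN_THRESHOLD)
    return {"sessions": sessions, "scanners": scanners}


if __name__ == "__main__":
    print(detect(SAMPLE_LOG, onts={"192.168.1.1"}))
```

Pass the set of managed HG6245D addresses as `onts`; an established session to one of them on port 26 warrants checking whether telnetd was started from the CLI.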
