CVE-2021-27179 – This vulnerability allows remote attackers to c... (How to Fix)

Q: What is the severity of CVE-2021-27179?

CVE-2021-27179 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to crash the telnet daemon on FiberHome HG6245D devices by sending a specific malformed string. This causes a denial-of-service condition, disrupting telnet access. Affected users are those running vulnerable versions of FiberHome HG6245D devices with telnet enabled.

📋 TL;DR

This vulnerability allows remote attackers to crash the telnet daemon on FiberHome HG6245D devices by sending a specific malformed string. This causes a denial-of-service condition, disrupting telnet access. Affected users are those running vulnerable versions of FiberHome HG6245D devices with telnet enabled.

💻 Affected Systems

Products:

FiberHome HG6245D

Versions: through RP2613

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires telnet service to be enabled and accessible.

📦 What is this software?

Hg6245d Firmware by Fiberhome

View all CVEs affecting Hg6245d Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent denial-of-service rendering telnet service unavailable, potentially requiring device reboot to restore functionality.

🟠

Likely Case

Temporary telnet service disruption until the daemon restarts or device reboots.

🟢

If Mitigated

No impact if telnet is disabled or devices are patched/isolated.

🌐 Internet-Facing: HIGH - Telnet is often exposed to the internet on these devices, and exploitation requires no authentication.

🏢 Internal Only: MEDIUM - Internal attackers could disrupt telnet services, but impact is limited to denial-of-service.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Simple string transmission causes crash; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not publicly available

Restart Required: No

Instructions:

No official patch available. Check with FiberHome for firmware updates beyond RP2613.

🔧 Temporary Workarounds

Disable telnet service

all

Completely disable the telnet daemon to prevent exploitation.

Specific commands vary by device configuration. Typically via web interface: Administration > Services > Disable Telnet

Restrict network access

linux/windows

Block telnet port (23) at network perimeter or firewall.

iptables -A INPUT -p tcp --dport 23 -j DROP
netsh advfirewall firewall add rule name="Block Telnet" dir=in action=block protocol=TCP localport=23

🧯 If You Can't Patch

Disable telnet service entirely and use SSH if available.
Isolate affected devices in separate network segments with strict access controls.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface or CLI. If version is RP2613 or earlier with telnet enabled, device is vulnerable.

Check Version:

Device-specific; typically via web interface or telnet/SSH login and checking firmware info.

Verify Fix Applied:

Verify telnet service is disabled or device firmware is updated beyond RP2613.

📡 Detection & Monitoring

Log Indicators:

Telnet daemon crash logs
Repeated connection attempts to port 23 with specific payload patterns

Network Indicators:

Traffic to port 23 containing hex string 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a

SIEM Query:

destination_port:23 AND payload_contains:"0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a"

📊 Metadata

CVE ID: CVE-2021-27179

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

Published: February 10, 2021

Last Updated: November 21, 2024

🔗 References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-cli-dos Exploit,Third Party Advisory
https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-cli-dos Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27179, you might also want to check these: