This post will describe a backdoor account found in the Zhone GPON-2520 and will provide a PoC which can be used to disable the firewall filtration rules in order to allow access to services such as ssh, telnet and ftp.
Posted on Dec 18, 2014
Huawei HG8245 & HG8247 ONT (firmware version V1R006C00S100) rely on a weak algorithm to calculate the WPA keys, keys can be predicted easily using the WiFi's MAC Address (BSSID).
Posted on May 22, 2014
The ONT Alcatel-Lucent I-240W-Q is vulnerable to arbitrary command execution in the administrative web interface.
Posted on Dec 19, 2013
The Huawei HG8245 ONT, firmware version V1R006C00S100 which provides cellular services, contains 3 severe vulnerabilities: two administrator accounts enabled by default and a public administration interface exposed to the Internet.
Posted on Dec 09, 2013
Several vulnerabilties were discovered in ZPanel 10.0.1 during our pro bono security audit. The ZPanel team has addressed these issues in version 10.0.2 and it is advised to upgrade.
Posted on Jun 25, 2013