Anyone running C-Data OLTs?

https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872

Wow… Just wow.

Owen

But who, who I ask, opens their management interface to the public Internet?!?!

Maybe this is a vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :)

-mel via cell

Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT.

Owen

The “WAN” port of an OLT is its management port. Data, IPTV, and VoIP traffic pass on VLANs, typically encrypted. These are passive optical network (PON) devices, where all CPE in a group of, say, 32 premises receive the same light via an optical splitter. Thus network partitioning is a requirement of the architecture. There is no concept of a traditional “WAN” port facing the Internet.

-mel via cell

Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” distribution node, the ONT is the CPE. The vulnerability is in the distribution node, not the CPE. No provider with any sense exposes their distribution node admin interface to the Internet.

-mel via cell

Well here are a couple hundred:

https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System

-Keith

I think the article may also be confusing OLT and ONT.

They are talking about how the “OLT” that is vulnerable is the device that translates the fibre into the copper Ethernet connected to customers' equipment, which may indicate these are actually ONTs being talked about, or the article authors got their explanation confused.

For these to be internet exposed presumably they must be including a router function and not simply doing some bridging of customer traffic.

I haven’t checked (on mobile) but those affected model numbers could confirm if it’s OLT, ONT, or both. Possibly the confusion could come from the bug affecting both.

Regards
Alexander

Alexander Neilson
Neilson Productions Limited
021 329 681
alexander@neilson.net.nz

All of the part numbers I was able to find a description of (after sifting through the numerous pages copying the vulnerability disclosure) appeared to be low-cost, low- to mid-density pizza-box EPON OLTs. I didn't see any ONUs, but then I also didn't find data on everything.

I know a lot of EPON deployments go for all-in-ones with the ONU, router, WLAN, etc. integrated into a single box, presumably because it's cheaper for initial deployment than separate boxes for ONU and CPE router/AP. No indication of those being affected in this notice, at least that I could find.

From the original at https://pierrekim.github.io/blog/2020-07-07-cdata-olt-0day-vulnerabilities.html it is very clear that we are talking about the OLT.

However any sane deployment would not be exposing the management to the internet. You would have that stuff on a vlan separate from customer traffic. I realise there are plenty of not so sane deployments out there.

Regards,

Baldur

Almost no surprise they are all third world, still scary in a sense. Might just have to rethink a blacklist strategy for traffic originating behind those locations.

And unlike routers, switches (and OLTs) don't seem to get as much love
re: vulnerability software upgrades with operators, despite the vendors
putting out code often enough (C-Data notwithstanding, of course).

Mark.

Well, if the attacker were able to find a way into your bastion host...

Mark.

A number of vendors, these days, implement Active-E and GPON in the same
chassis, and you can decide what you want to run it as.

I recall Cisco picked up some company back around 2014 that gave them
this style of box in the ME4600. Not sure how it's doing nowadays.

Tejas do the same with their Ethernet boxes.

Mark.

Still don't know what "third world" means (of course I do...), but
looking at what the guy in the top seat in America is doing, we are as
equally concerned about kit coming out of there as we are coming out of
anywhere else.

I will say that where we once had confidence that the traditional
vendors had us in their best interests, that trust level is not
automatically the same in 2020.

Mark.

> Still don't know what "third world" means (of course I do...), but

Obviously he means countries like Sweden, Ireland and Switzerland.

Third World - Wikipedia

It's not clear why there's any relationship between third world status and the choice of PON/active FTTP equipment used in 2020. Or maybe there's some subtlety that's being lost here. Hard to tell.

Nick

:-).

Mark.

Fiscal and logistic reasons, would be my guess.

Nick was being facetious :-).

Mark.