Huawei ONT Devices Epuser Account Firewall Bypass Vulnerability

A vulnerability exists in certain Huawei ONT devices, specifically the EG8141A5 model through V5R019C00S100, the EG8145V5 model through V5R019C00S100, and the EG8145V5-V2 model through V5R021C00S184. This vulnerability allows the Epuser account to disable firewall features, such as the default blocking of SSH and TELNET TCP ports. The issue is related to improper authorization management, enabling a lower-privileged user to manipulate firewall settings.

Impact

Exploitation of this vulnerability could lead to unauthorized access to services running on the SSH and TELNET ports, potentially allowing for further exploitation or manipulation of the device.

Reproduction

The vulnerability can be reproduced by logging into the affected Huawei ONT device using the Epuser account. Once logged in, the firewall settings can be accessed and modified to disable the default port blocking for SSH and TELNET. This unauthorized change can be made despite the user's limited privileges, demonstrating a failure in access control.