CVE-2020-23592 An unauthenticated, remote attacker can conduct a CSRF attack to reset the ONU to factory default.

An attacker can hijack the session of an authenticated user to log-in as a 'root' user and delete files or perform other actions as 'root' user. OptiLink also provides a remote management interface for users to install new ONUs and configure network settings. An attacker can exploit the vulnerability to perform remote configuration of the device. It can be exploited by sending a request with CSRF. The vulnerability exists due to insufficient input validation. An attacker can send a request to ' /mgm_dev_reset.asp' to reset ONU to factory default. A CSRF exploit can be used to reset ONU to factory default (CVE-2018-17137). OptiLink is a virtualised Ethernet switch, with a PoE functionality. It can be managed remotely via a web browser. This makes it an attractive target for hackers. Users should be careful about opening links in emails and clicking on links in social media posts. Users should make sure that they have strict password policies in place. OptiLink products are recommended to have 2FA enabled to prevent CSRF attacks. OptiLink has released a new firmware version to address the vulnerability. Users are recommended to update their firmware to the latest version as soon

OptiLink Virtual Ethernet Switch

The vulnerability is due to insufficient input validation. An attacker is able to send a request for " /mgm_dev_reset.asp" which resets ONU to factory default. OptiLink has released a new firmware version to address the vulnerability. Users are recommended to update their firmware to the latest version as soon as possible.

OptiLink - A Remote Access Controller?

A remote access controller is a device that provides the capability to remotely manage networked hardware. The OptiLink product is smartphone compatible and provides a web-based interface for managing ONUs and setting configuration settings, giving the ability to remotely configure and manage your ONU. This makes it an attractive target for hackers as it can be exploited by sending a request with CSRF.

OptiLink firmware version

OptiLink has released a new firmware version to address the vulnerability. Users are recommended to update their firmware to the latest version as this will patch the vulnerability and remove any unpatched vulnerability.

Timeline

Published on: 11/23/2022 02:15:00 UTC
Last modified on: 11/23/2022 20:58:00 UTC

References

• https://github.com/huzaifahussain98/CVE-2020-23592
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23592