21th January 2021

Wuhan Fiberhome Internacional Tecnologias do Brasil Import. e Export. LTDA.

Attention:

Brazilian Market

Subject: Letter of Clarification for FiberHome ONT backdoor issues to

Brazilian Market.

Dear Brazil partners:

We appreciate your notification to recent information about FiberHome ONT

backdoor issues. As a gesture of respect to our supportive Brazil partners and practice
of our customer-centric corporation value, we hereby present you this clarification
letter.

1) In a report published last week, security researcher Pierre Kim said he identified a
large collection of security issues with FiberHome HG6245D（software version
RP2602, released in Apr. 2019）. After detail analysis, all 17 security issues can
be roughly classified into four kinds, had been identified and fixed before the
release of this report in subsequent software version. The details are as follows.
a) Web vulnerability: wrong information, already solved in RP2602.
b) Telnet access vulnerabilities: on WAN side, telnet ports are closed by default.
on LAN side, use higher level of protection measures for telnet security, with
unique password for each ONT to ensure there will be no risk.
c) Insecure IPv6 connectivity: firewall is used to control the access connection to
ONT. At present, only IPv4 based access is allowed and secured，there is no
risk caused by IPv6 connectivity.
d) Clear text password: need to telnet to ONT at LAN side, and use root authority
to view relevant files. FiberHome use separate account/password control for
telnet & root authority, so the risk is very low. Even if the password has been
acquired, it can only affect this ONT while OLT & other ONTs stand
unaffected.
2) FiberHome fully complied with ITU-T X.805（Security architecture for systems
providing end-to-end communications）.
3) All released software version of FiberHome have been verified by authoritative
security scanning tools such as Nesuss, Webinspet and Burpsuite, etc.
4) FiberHome equipment has passed the cyber security verification of PLDT, Globe
and CNT.
FiberHome has always advocated to do its best to protect the ultimate interests of
users, follow the principle of responsible disclosure of security incidents, and deal
with security issues through the security control mechanism.

FiberHome will continue to provide Brazil with the best customer experience, by
delivering high quality product/solution and high-level service/support.

Yours,
Sincerely,

Jia Hu
CEO
Wuhan Fiberhome Internacional Tecnologias do Brasil Importação e Exportação LTDA.
São Paulo 01/21/2021
Appendix