<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT.</div><div class=""><br class=""></div><div class="">Owen</div><div class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Jul 10, 2020, at 11:01 , Mel Beckman <<a href="mailto:mel@beckman.org" class="">mel@beckman.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">

<div dir="auto" class="">
But who, who I ask, opens their management interface to the public Internet?!?!
<div class=""><br class="">
</div>
<div class="">Maybe this is vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :-)<br class="">
<br class="">
<div dir="ltr" class="">-mel via cell</div>
<div dir="ltr" class=""><br class="">
<blockquote type="cite" class="">On Jul 10, 2020, at 10:00 AM, Owen DeLong <<a href="mailto:owen@delong.com" class="">owen@delong.com</a>> wrote:<br class="">
<br class="">
</blockquote>
</div>
<blockquote type="cite" class="">
<div dir="ltr" class=""> <a href="https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872" class="">
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872</a>
<div class=""><br class="">
</div>
<div class="">Wow… Just wow.</div>
<div class=""><br class="">
</div>
<div class="">Owen</div>
<div class=""><br class="">
</div>
</div>
</blockquote>
</div>
</div>

</div></blockquote></div><br class=""></div></body></html>