<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">I think the article may also be confusing OLT and ONT. <div><br></div><div>They are talking about how the “OLT” that is vulnerable is the device that translates the fibre into the copper Ethernet connected to customers equipment which may indicate these are actually ONT’s being talked about or the article authors got their explanation confused. </div><div><br></div><div>For these to be internet exposed presumably they must be including a router function and not simply doing some bridging of customer traffic. </div><div><br></div><div>I haven’t checked (on mobile) but those affected model numbers could confirm if it’s OLT, ONT, or both. Possibly the confusion could come from the bug affecting both. <br><br><div dir="ltr"><span style="background-color: rgba(255, 255, 255, 0);">Regards</span><div><span style="background-color: rgba(255, 255, 255, 0);">Alexander</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><div><span style="background-color: rgba(255, 255, 255, 0);">Alexander Neilson</span></div><div><span style="background-color: rgba(255, 255, 255, 0);">Neilson Productions Limited</span></div><div><span style="background-color: rgba(255, 255, 255, 0);">021 329 681</span></div><div><span style="background-color: rgba(255, 255, 255, 0);">alexander@neilson.net.nz</span></div></div><div dir="ltr"><br><blockquote type="cite">On 11/07/2020, at 08:04, Mel Beckman <mel@beckman.org> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
The “WAN” port of an OLT _is_ it’s management port. Data, IPTV, and VoIP traffic pass on VLANs, typically encrypted. These are passive optical network (PON) devices, where all CPE in a group of, say, 32 premises receive the same light via an optical splitter.
Thus network partitioning is a requirement of the architecture. There is no concept of a traditional “WAN” port facing the Internet. <br>
<br>
<div dir="ltr">-mel via cell</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jul 10, 2020, at 12:21 PM, Owen DeLong <owen@delong.com> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="">Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT.</div>
<div class=""><br class="">
</div>
<div class="">Owen</div>
<div class=""><br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Jul 10, 2020, at 11:01 , Mel Beckman <<a href="mailto:mel@beckman.org" class="">mel@beckman.org</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="auto" class="">But who, who I ask, opens their management interface to the public Internet?!?!
<div class=""><br class="">
</div>
<div class="">Maybe this is vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :-)<br class="">
<br class="">
<div dir="ltr" class="">-mel via cell</div>
<div dir="ltr" class=""><br class="">
<blockquote type="cite" class="">On Jul 10, 2020, at 10:00 AM, Owen DeLong <<a href="mailto:owen@delong.com" class="">owen@delong.com</a>> wrote:<br class="">
<br class="">
</blockquote>
</div>
<blockquote type="cite" class="">
<div dir="ltr" class=""> <a href="https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872" class="">
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872</a>
<div class=""><br class="">
</div>
<div class="">Wow… Just wow.</div>
<div class=""><br class="">
</div>
<div class="">Owen</div>
<div class=""><br class="">
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</div>
</blockquote>
</div></blockquote></div></body></html>