A critical vulnerability has been identified in JM-DATA ONU devices, specifically version 1.0.67 of the JF511-TV model. The device uses static, default credentials which, if unchanged, allow unauthenticated attackers to gain full administrative control, posing a severe risk of network compromise, data interception, and service disruption.

The vulnerability exists due to the use of hardcoded, default credentials for administrative access. An attacker with network access to the device's management interface can use these publicly known credentials to log in with the highest level of privileges. This allows the attacker to view or modify all device configurations, monitor network traffic passing through the device, disable services, or use the compromised device as a pivot point to launch further attacks against the internal network.

This vulnerability is rated as critical, with a CVSS score of 9.8, reflecting the extreme ease of exploitation and the potential for complete system compromise. Successful exploitation could lead to significant business disruption, including loss of internet connectivity, unauthorized access to sensitive internal network resources, and data exfiltration. An attacker could manipulate network traffic, conduct man-in-the-middle attacks, or install persistent backdoors, severely impacting the confidentiality, integrity, and availability of business operations and data.

Immediate Action: The primary remediation step is to immediately change the default administrative password on all affected JM-DATA ONU devices. If a vendor-supplied firmware update is available to address this issue, it should be applied as soon as possible. Organizations should also review access logs for any signs of unauthorized logins using the default credentials.

Proactive Monitoring: Implement continuous monitoring of network device logs, specifically looking for successful or repeated failed login attempts to management interfaces from untrusted IP addresses. Monitor for unexpected configuration changes, unusual outbound traffic originating from the ONU device, or alterations to DNS settings, as these can be indicators of compromise.

Compensating Controls: If patching or changing credentials is not immediately feasible, restrict network access to the device's management interface (e.g., web portal, SSH, Telnet) to a limited set of trusted administrative IP addresses. Employ network segmentation to isolate the ONU device from critical internal network segments, limiting the potential impact of a compromise.

Public Exploit Available: true

Given the critical CVSS score of 9.8 and the trivial nature of exploitation, we strongly recommend that organizations take immediate action. All affected JM-DATA ONU devices must be identified and their default credentials must be changed without delay. Even though this vulnerability is not on the CISA KEV list, its high severity presents a clear and present danger to the network, and remediation should be treated as a top priority.