Unauthenticated Access to GPON OLTs Could Enable Full ISP Network Takeover
What Happened – Researchers at Quarkslab demonstrated that many GPON Optical Line Terminals (OLTs) expose unauthenticated management interfaces. By chaining this access with other known flaws, an attacker can pivot to the cloud‑based fleet manager and seize control of an entire ISP’s infrastructure.
Why It Matters for TPRM –
- A single compromised OLT can give threat actors visibility into, and control of, thousands of customer connections.
- ISP‑provided services are often a critical third‑party component for enterprises; a breach can cascade downstream to corporate networks.
- The vulnerability stems from default credentials and insecure firmware, issues that are often overlooked in vendor risk assessments.
Who Is Affected – Telecommunications providers (TELCO), FTTH service operators, and any organization that relies on third‑party ISP connectivity.
Recommended Actions –
- Verify that all OLTs are running the latest firmware and have default credentials disabled.
- Conduct a supply‑chain audit of OLT vendors for secure development practices.
- Implement network segmentation to isolate OLT management interfaces from the broader corporate network.
Technical Notes – The attack leverages unauthenticated HTTP/HTTPS management ports on GPON OLTs, combined with known firmware bugs (e.g., CVE‑2025‑XXXX) to gain root access, then uses the cloud fleet manager API to propagate control across the provider’s core network. Data at risk includes subscriber traffic, authentication tokens, and internal routing tables.
Source: Quarkslab Blog – How OLTs may have exposed entire ISP networks
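
One way to verify the segmentation recommendation above, as an added example that is not from the Quarkslab research or any vendor tooling: it evaluates a first-match ACL against OLT management addresses and reports which non-management zones can still reach the HTTP/HTTPS management ports. The OLT names, addresses, zones and the ACL rule format are constructed assumptions.

```python
import ipaddress

MGMT_PORTS = (80, 443)  # HTTP/HTTPS management ports named in the Technical Notes

# Constructed sample data (assumptions for illustration, not real deployments).
OLTS = {"olt-a": "10.50.0.10", "olt-b": "10.50.0.11", "olt-c": "172.16.8.20"}
# One representative probe address per network zone.
ZONES = {"management": "10.50.0.5", "corporate": "10.20.0.5", "subscriber": "100.64.1.1"}
TRUSTED_ZONES = {"management"}
# Ordered ACL, first match wins: (action, source net, destination net, port or None for any).
ACL = [
    ("permit", "10.50.0.0/24", "10.50.0.0/24", None),   # management subnet to itself
    ("permit", "10.0.0.0/8", "10.50.0.11/32", 443),     # leftover exception for olt-b
    ("deny", "0.0.0.0/0", "10.50.0.0/24", None),        # block everything else to mgmt
    ("permit", "0.0.0.0/0", "0.0.0.0/0", None),         # default permit for other traffic
]


def allowed(acl, src, dst, port):
    """Evaluate the ACL top-down; no matching rule means implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in acl:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_port in (None, port)):
            return action == "permit"
    return False


def exposures(olts, zones, acl, trusted=TRUSTED_ZONES):
    """Return sorted (olt, port, zone) tuples reachable from untrusted zones."""
    findings = []
    for name, addr in olts.items():
        for port in MGMT_PORTS:
            for zone, probe in zones.items():
                if zone not in trusted and allowed(acl, probe, addr, port):
                    findings.append((name, port, zone))
    return sorted(findings)


if __name__ == "__main__":
    for name, port, zone in exposures(OLTS, ZONES, ACL):
        print(f"EXPOSED: {name} management port {port} reachable from {zone} zone")
```

In the sample data, olt-b is exposed through a stale exception rule, while olt-c is exposed because its management address sits outside the management subnet and falls through to the default permit.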