Vulnerability in Cisco Catalyst PON switches that allows telnet login without knowing the password

A critical security issue (CVE-2021-34795) has been identified in the Cisco Catalyst PON CGP-ONT-* (Passive Optical Network) series switches. When the telnet protocol is enabled, it allows connecting to the switch with administrator rights using a pre-known debug account left by the manufacturer in the firmware. The problem manifests itself only when telnet access is activated in the settings; it is disabled by default.

In addition to the account with a pre-known password, two vulnerabilities (CVE-2021-40112, CVE-2021-40113) were found in the web interface of the same switch models. They allow an unauthenticated attacker who does not know the login parameters to execute commands with root rights and make changes to the settings. By default, access to the web interface is allowed only from the local network, unless this behavior is overridden in the settings.

At the same time, a similar problem (CVE-2021-40119) with a predefined engineering login was detected in the Cisco Policy Suite software product: an SSH key prepared in advance by the manufacturer was installed in it, allowing a remote attacker to gain access to the system with root rights.

Source: opennet.ru
