odd, the way VLAN is provision is not same as me even same OLT, haha

have told TM and still no answer, I guess they don't care

I try to compile required document, but... only I know, thing some one in Hack GPON group didn't disclose the exploit, so I can't report this as I don't know how to replicate their exploit

blstz like OKLY said, just use old ONT since you are on 1G plan, this much better then use D-Link on random issue later on

you need ask to not bind the Serial Number,

however, you can copy D-Link SN to old ONU, like Huawei HG8240H (or H5) can set S/N, just use D-Link S/N

nope, one of my friend overseas still can enter even in v2.0.3, even they get WG working by back porting the kernel.

D-Link now become VPN point for them xD

that's a mystery,

either they don't know, or already patch but still there, or they don't care since because sold to TM cheap cheap

what I can told from my friend, they just say "not using known CVE", I guess they found a way to attack D-Link remotely even NATed via VLAN 209 to find another D-Link ONR.

whatever it is, ISP equipment is never been secure

TM not paid enough to maintain security since.

many people already using own Router that managed by Asus, TP-LINK, Mikrotik, Ubiquiti, etc... that have active security patches.

I know VLAN209 is for management, for good.
but once got a weak point, it come a checkpoint to crawl deeper within ISP private network

that is why old ONU Bridge since we been using are fine and never been use as Internet Routing.

all of sudden Unifi also offer ONR solution, trade off security for cheaper internet

No, I can't upload that, sadly you need ask TM technician for that

apparently, just to be safe
still, not to use ISP equipment if concern about security

since DNS debacle, many overseas companies who use 2Gbps plan, use my PON Stick,
they don't trust TM because anytime mcmc can force ISP to push stock DNS via OMCI or TR069

I working on patching the firmware, just now I got a screenshot where D-Link DPN-FX3060V_2.0.3 successfully exploited

Screenshot, blur sensitive information





It appear using msf6 (Metasploit Framework) apart from their RAT (Remote Access Tools), where msf code just striped down from RAT

but it appear the D-Link can be pawned

what more dangerous, can override Inactive Firmware partition as you see at last command, where:

1. Check current active partition, it appear partition 1 (secondary) is active as V2.0.3 installed.
2. Use 'NC' to accept connection and pipe hacked firmware to inactive partition 0 (primary) where V2.0.2 is reside
3. Attacker can force to boot hacked firmware and clone to another partition

In order patching these exploit, I need their code, at least strip down msf code

or

remove all cloud stuff, disable TR142, TR069, and other stuff.

even in Bridge mode, this exploit has multiple stages and can find more victim via VLAN209 and 400

the thing is, I didn't give V2.0.3 to them, somehow they manage to get it, what they told me, same exploit can be use

this D-Link pawned has been sold in zero day market... because potential money generator, aka VPN Node, Botnet, etc... since who own D-Link is has high speed internet...

...

I no idea then, only way to save D-Link is,
by remove everything and dumb down as DUMB ONT Bridge! No Routing, No ISP Management, No WiFi

what do you think?

I don't think so, to make internet cheap, device security is second. (not paid enough to maintain security)
for example, cheap router like TOTO LINK, don't care vulnerability
can't be sure how many, but plenty compromised device around the world
with right fingerprint, can found on Shodan IoT search engine

just plug old one, no config needed

I put OpenSpeedTest inside D-Link DPN-FX3060V:



just dumb, the boa web server not that fast, not multi threading, and upload cannot work

with my spare time, I improved the stock firmware, as usual I port PON Stick to here, planning make bridge mode only



I add "Nijika OS" to display hardware info, MIB and OMCI stuff

still, I wont patch the vulnerability, so many binary related to each other

After modding to make D-Link ONR become dumb (ONT Bridge), porting the PON Stick files into D-Link and recompile, now testing

Dumb D-Link Wireless is disabled, No Router, No NAT, just bridge with ME 171 override


Login Screen


Nijika OS


VLAN


I not sure why Nokia OLT suddenly push VLAN 500 into VEIP? what's make it? previously don't have:


Note: TM is clear on this, flashing modded firmware will invalidate the warranty, so, this firmware will push -NIJIKA prefixes into OMCI message.

I have earlier,
during Binary Diff, still contain vulnerable, cause I not share bad firmware

Another Update,

It appear that Zyxel also make ONR, and use same SoC and board as D-Link DPN-FX3060V A1 hardware!!!





UBoot Init
D-Link A1:


Zyxel:


Booting Kernel
D-Link A1:


Zyxel:


Inside Zyxel


WebGUI Zyxel


---

Well, I waiting for him to dump NAND Flash, so we can build proper OpenWRT for D-Link A1 and Zyxel ONR.

Since using OpenWRT, no more exploit

Zyxel and D-Link both use same SoC and same Taurus reference board, what I checked for now, only D-Link A1 hardware share quite a lot similarly.

we just have incomplete reverse engineer SDK

but, compile for ARM64 not that hard, like Zyxel did, use OpenWRT tool chain,

see if can use Zyxel kernel and driver on D-Link, if required patching, so be it.

let say DPN-FX3060V A1 has completed OpenWRT Build, still can't update firmware via WebGUI, need flash directly into NAND

since both use UBI underlying MTD, and Zyxel ONR can't login root yet, so MTD layout is unknown.

in group said, is possible just copy Zyxel to D-Link as is, they theories it will boot

How about SoC, it is ZTE own ARM CPU ?