The ZTE F670Y is a high-end GPON/XGS-PON Optical Network Terminal (ONT) commonly deployed by ISPs (e.g., Claro, Telmex, Telenet, Vodafone). Unlike basic ONTs, it packs a Dual-band Wi-Fi 6 radio, VoIP, USB 3.0, and a full Linux-based OS. This write-up covers what happens inside the live firmware ("hot")—from bootchain to root access and hidden backdoors.
cat /proc/kmsg
Shows OMCI messages, OLT interactions, and crash traces. zte f670y firmware hot
Even on latest firmware (v9.0.10P3N2), here are live, unpatched vulnerabilities: Deep Dive: ZTE F670Y Firmware — Internals, Hot
The 2.4GHz and 5GHz radios have Power Amplifiers. Firmware contains a "calibration table" (EEPROM dump). If the firmware is generic (not tuned for your specific region/country code), the PAs may default to maximum transmission power (27dBm) . Kernel log (real-time) cat /proc/kmsg
