9.8

CVE-2025-63353

Exploit

EPSS 2.05%
Veröffentlicht 12.11.2025 16:15:36
Zuletzt bearbeitet 31.12.2025 16:52:00
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fiberhome ≫ Hg6145f1 Firmware Versionrp4423

Fiberhome ≫ Hg6145f1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.05%	0.834

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/hanianis/CVE-2025-63353

Third Party Advisory

https://medium.com/@hanianis.bouzid/fiberhome-gpon-onu-model-hg6145f1-router-predictable-wifi-passwords-and-real-risks-d8e54da385d3

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-63353

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-63353

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-63353

EUVD