CRITICAL🇵🇱 Wersja polska

CVE-2025-63353

CVSS 9.8v3.1pub. 2025-11-12upd. 2025-12-31

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

🤖 AI Analysis
How it works

The device in firmware version RP4423 applies a deterministic algorithm to generate the default Wi-Fi password (WPA/WPA2 PSK) directly based on the SSID value broadcast by the router. An attacker who can read the network SSID (e.g., through passive Wi-Fi scanning) is able to reproduce the password without any access to the device or user interaction. The lack of randomness in the password generation process makes the factory default configuration predictable for every device of this model.

Impact

An attacker can gain unauthorized access to the Wi-Fi network protected by a default password, which opens the way to eavesdropping on network traffic, lateral movement in the local network, and potential takeover of connected devices.

Mitigation & patch

The default Wi-Fi password should be immediately changed to a strong, random password unique to the device. Patches available from the manufacturer should be applied according to references or contact the internet service provider to update the firmware. Until the patch is deployed, it is also recommended to disable SSID broadcasting as a measure to reduce exposure.

Who is affected

FiberHome GPON ONU HG6145F1 with firmware version RP4423

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Fiberhome Hg6145f1

    HW
    Fiberhome
    wszystkie wersje
  • Fiberhome Hg6145f1 Firmware

    OS
    Fiberhome
    rp4423
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27145CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adm...

CVE-2021-27143CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded use...

CVE-2021-27141CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are o...

CVE-2021-27144CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i...

CVE-2021-27146CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adm...