← Back

CVE-2025-63353

nvd nist
Published: Nov 12, 2025Modified: Dec 31, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

Affected (1)

Fiberhome
1 product
Hg6145f1 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Hg6145f1 Firmware
Version rp4423
Running on/withPlatform Versions
Fiberhome
Hg6145f1
All versions

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.