Fiberhome

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-27148 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.
CVE-2021-27147 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.
CVE-2021-27146 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP.
CVE-2021-27145 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP.
CVE-2021-27144 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g\|u credentials for an ISP.
CVE-2021-27143 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.
CVE-2021-27142 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions.
CVE-2021-27141 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g key. (The webs binary has de...Show more An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)Show less
CVE-2021-27140 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.
CVE-2021-27139 1Fiberhome 1Hg6245d Firmware Nov 21, 2024 Feb 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.
CVE-2019-17186 1Fiberhome 1Hg2201t Firmware Nov 21, 2024 Oct 8, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 /var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
CVE-2019-17187 1Fiberhome 1Hg2201t Firmware Nov 21, 2024 Oct 8, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 /var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.
CVE-2018-9249 1Fiberhome 1Vdsl2 Modem Hg 150 Ub Firmware Nov 21, 2024 Apr 4, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.
CVE-2018-9248 1Fiberhome 1Vdsl2 Modem Hg 150 Ub Firmware Nov 21, 2024 Apr 4, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.
CVE-2017-16887 1Fiberhome 1Lm53q1 Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/passw...Show more The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.Show less
CVE-2017-16886 1Fiberhome 1Lm53q1 Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change...Show more The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.Show less
CVE-2017-16885 1Fiberhome 1Lm53q1 Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the informati...Show more Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.Show less
CVE-2017-15647 1Fiberhome 1Routerfiberhome Firmware May 13, 2026 Oct 19, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVE-2017-14147 1Fiberhome 1Adsl An1020 25 Firmware May 13, 2026 Sep 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-...Show more An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.Show less
CVE-2017-5544 1Fiberhome 1Fengine S5800 Firmware May 13, 2026 Jan 23, 2017 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger a...Show more An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.Show less

Previous 1 23