CVE-2025-63353
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-12-31
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fiberhome | hg6145f1_firmware | rp4423 |
| fiberhome | hg6145f1 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-63353 is a vulnerability in the FiberHome GPON ONU HG6145F1 where the factory default Wi-Fi password can be predicted from the SSID. The device derives its default password with a deterministic algorithm that ties the SSID and the password together through one simple relation: the hexadecimal suffix of the SSID plus the hexadecimal suffix of the password equals 0xFFFFFF. Anyone within radio range can read the SSID from beacon frames, so an attacker can compute the default password without authentication or any user interaction. [1, 2]
How can this vulnerability impact me?
If the device is still running with its factory default credentials, anyone who can see the SSID can join your wireless network. Once inside, an attacker sits on the same LAN as your devices and can intercept unencrypted traffic, probe and attack hosts behind the ONU, or use your connection for malicious activity that is attributed to you. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection comes down to two checks: find FiberHome GPON ONU HG6145F1 devices, and determine whether their Wi-Fi passphrase is still the predictable factory default. The default SSID follows the pattern "fh_<hexadecimal_string>", so start by listing nearby SSIDs and picking out the ones that match. On Linux, NetworkManager's `nmcli` gives a clean listing, for example `nmcli -t -f SSID,BSSID dev wifi list`; the older `iwlist` (`sudo iwlist wlan0 scan | grep ESSID`) still works on many systems but is deprecated in favour of `iw` (`sudo iw dev wlan0 scan | grep SSID`). For each matching SSID, subtract its hexadecimal suffix from 0xFFFFFF to obtain the hexadecimal suffix of the default password, then compare that against the passphrase actually configured on your device: if it still matches, the device is exposed. Only run this check against networks you own or are authorised to assess. [1]
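The arithmetic described above (0xFFFFFF minus the SSID suffix gives the default password suffix) and the scan-and-check procedure, as a small added example that is not code from the original page or from FiberHome. It assumes the SSID is "fh_" followed by exactly six hex digits (the relation is defined on 24-bit values, so six hex digits is the only length that makes 0xFFFFFF the complement), and it only compares the last six characters of a passphrase because the page specifies the relation between the suffixes and says nothing about any prefix. The scan lines are constructed, not captured from a real device; the `nmcli` invocation named in the comment is the real command, but its output is not parsed here beyond one SSID per line.

```python
import re
from typing import List, Optional, Tuple

# Assumption: default SSIDs are "fh_" plus six hex digits. The relation
# ssid_suffix + password_suffix == 0xFFFFFF only works for 24-bit values,
# which is six hex digits.
SSID_PATTERN = re.compile(r"^fh_([0-9A-Fa-f]{6})$")
MASK24 = 0xFFFFFF


def ssid_suffix(ssid: str) -> Optional[int]:
    """Return the 24-bit hex suffix of an HG6145F1-style SSID, or None."""
    m = SSID_PATTERN.match(ssid.strip())
    return int(m.group(1), 16) if m else None


def predicted_password_suffix(ssid: str) -> Optional[str]:
    """Derive the six-hex-digit suffix of the factory default Wi-Fi password.

    0xFFFFFF - x equals x XOR 0xFFFFFF for any 24-bit x (subtracting from
    all-ones is a bitwise NOT), so there is no borrow to handle.
    """
    x = ssid_suffix(ssid)
    if x is None:
        return None
    return f"{(x ^ MASK24):06X}"


def password_is_default(ssid: str, password: str) -> bool:
    """Check whether a configured passphrase still ends with the predictable suffix.

    Only the trailing six characters are compared: the page describes the
    relation between the *suffixes*, and any prefix the firmware prepends
    is not specified there (assumption).
    """
    expected = predicted_password_suffix(ssid)
    if expected is None or len(password) < 6:
        return False
    return password[-6:].upper() == expected


def find_predictable_networks(scan_lines: List[str]) -> List[Tuple[str, str]]:
    """Pick fh_-pattern SSIDs out of a scan listing and predict their suffixes.

    Expects one SSID per line, e.g. the output of
    `nmcli -t -f SSID dev wifi list` (terse mode, SSID field only).
    """
    hits: List[Tuple[str, str]] = []
    for line in scan_lines:
        ssid = line.strip()
        suffix = predicted_password_suffix(ssid)
        if suffix is not None:
            hits.append((ssid, suffix))
    return hits


# Constructed sample scan output; not captured from a real device.
SAMPLE_SCAN = [
    "fh_A1B2C3",
    "HomeNet-5G",
    "fh_0F1E2D",
    "fh_notahexvalue",  # wrong length / non-hex: must be ignored
    "",
]

if __name__ == "__main__":
    for ssid, suffix in find_predictable_networks(SAMPLE_SCAN):
        print(f"{ssid}: factory default password would end in {suffix}")
    # A defender's check on their own network: has the passphrase been changed?
    print(password_is_default("fh_A1B2C3", "xx5e4d3c"))  # still default -> True
```

The XOR form is worth noticing: because the password suffix is just the bitwise complement of the SSID suffix, the "secret" carries zero entropy beyond what is broadcast in every beacon frame, which is why the only real fix is to set a passphrase that is not derived from the SSID at all.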
What immediate steps should I take to mitigate this vulnerability?
The essential step is to set a new, unpredictable Wi-Fi passphrase: changing the SSID alone does not change the password, although choosing a non-default SSID also stops the "fh_" prefix advertising the device model. Beyond that: disable WPS (Wi-Fi Protected Setup), install a firmware update if the vendor or your ISP provides one, keep critical devices on a separate network or VLAN so a compromised Wi-Fi segment cannot reach them, and consider replacing the ISP-provided unit if the issue cannot otherwise be fixed. After changing the passphrase, recompute the predicted suffix from your SSID and confirm the new passphrase no longer ends with it. [1]