Vulnerabilities (CVE)

Filtered by vendor Fiberhome
Total 55 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38814 1 Fiberhome 2 An5506-02-b, An5506-02-b Firmware 2022-09-19 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.
CVE-2022-36200 1 Fiberhome 2 Hg150-ub, Hg150-ub Firmware 2022-09-02 N/A 7.5 HIGH
In FiberHome VDSL2 Modem HG150-Ub_V3.0, the admin credentials are submitted in the URL, where they can be logged or sniffed.
CVE-2021-27173 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI).
CVE-2021-41946 1 Fiberhome 2 Hg150-ub, Hg150-ub Firmware 2022-05-26 3.5 LOW 5.4 MEDIUM
In FiberHome VDSL2 Modem HG150-Ub_V3.0, there is a stored cross-site scripting (XSS) vulnerability in the Parental Control --> Access Time Restriction --> Username field; a user cannot delete the rule due to the XSS.
CVE-2021-42912 1 Fiberhome 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more 2021-12-21 9.0 HIGH 8.8 HIGH
FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.
CVE-2017-5544 1 Fiberhome 6 Fengine 28f-s, Fengine 52f-s, Fengine 52t-s and 3 more 2021-09-08 7.1 HIGH 5.9 MEDIUM
An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.
CVE-2019-17186 1 Fiberhome 2 Hg2201t, Hg2201t Firmware 2021-07-21 9.0 HIGH 8.8 HIGH
/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.
CVE-2017-14147 1 Fiberhome 2 Adsl An1020-25, Adsl An1020-25 Firmware 2021-07-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 that could allow an attacker to restore a router to its factory settings simply by browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
CVE-2021-27143 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.
CVE-2021-27141 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
CVE-2021-27140 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.
CVE-2021-27144 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.
CVE-2021-27168 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d password for the rdsadmin account.
CVE-2021-27167 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so.
CVE-2021-27166 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon.
CVE-2021-27165 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials.
CVE-2021-27169 1 Fiberhome 2 An5506-04-fa, An5506-04-fa Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon password for the gepon account.
CVE-2021-27172 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh.
CVE-2021-27177 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 7.5 HIGH 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server.
CVE-2021-27170 1 Fiberhome 2 Hg6245d, Hg6245d Firmware 2021-02-11 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet.