Cleartext Password Storage Vulnerability in FiberHome HG6245D Devices
CVE-2021-27140

7.5HIGH

Key Information:

Vendor: Fiberhome
Status: Hg6245d Firmware
Vendor: CVE Published:; 10 February 2021

Summary

A security issue was identified in FiberHome HG6245D devices, where sensitive information, including passwords and authentication cookies, is stored in cleartext within web.log HTTP logs. This exposure can allow unauthorized users to access critical credentials, leading to potential security breaches. It is crucial for users and administrators to assess the impact of this vulnerability and take immediate measures to secure their devices.

References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Feb 10, 2021