Hardcoded Credentials Vulnerability in FiberHome HG6245D
CVE-2021-27151

9.8CRITICAL

Key Information:

Vendor: Fiberhome
Status: Hg6245d Firmware
Vendor: CVE Published:; 10 February 2021

Summary

A significant security flaw has been identified in FiberHome HG6245D devices, where a web daemon has hardcoded credentials embedded within the system. This vulnerability allows unauthorized access using the credentials 'rootmet' and 'm3tr0r00t', which are associated with an Internet Service Provider. The presence of these hardcoded credentials poses a potential risk, enabling attackers to gain control over the devices and exploit them for various malicious activities.

References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Feb 10, 2021