Gepon Password Vulnerability in FiberHome AN5506-04-FA Devices
CVE-2021-27169

9.8CRITICAL

Key Information:

Vendor: Fiberhome
Status: An5506-04-fa Firmware
Vendor: CVE Published:; 10 February 2021

What is CVE-2021-27169?

A security issue was identified in FiberHome AN5506-04-FA devices running firmware RP2631, involving a hardcoded gepon password for the gepon account. This vulnerability potentially exposes the device to unauthorized access, as it does not require user-input credentials for access. Network administrators should assess the associated risks and implement mitigations to protect against potential exploitation.

References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2021
Vulnerability Reserved
Feb 10, 2021

JSON

Fiberhome

What is CVE-2021-27169?

References

CVSS V3.1

Timeline