Weak Credentials Exploit in Bharti Airtel Xstream Fiber WiFi Password Handler
CVE-2025-1081

2.3LOW

Key Information:

Vendor

Bharti Airtel

Status
Xstream Fiber
Vendor
CVE Published:
6 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-1081?

A vulnerability in the Bharti Airtel Xstream Fiber has been identified within the WiFi Password Handler, allowing for the potential use of weak credentials. This issue requires an attacker to be within the local network for exploitation, making the attack complexity relatively high. Despite the difficulty associated with executing this exploit, it has been publicly disclosed, raising concerns for users. It is advised that users immediately alter their configuration settings to mitigate risks associated with this vulnerability, especially since the vendor did not respond to early disclosures regarding this issue.

Affected Version(s)

Xstream Fiber 20250123

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1081 - Proof of Concept

References

https://vuldb.com/?id.294857
vdb-entry
https://vuldb.com/?ctiid.294857
signaturepermissions-required
https://vuldb.com/?submit.488582
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

alokkumar0200 (VulDB User)
.
CVE-2025-1081 : Weak Credentials Exploit in Bharti Airtel Xstream Fiber WiFi Password Handler