OS Command Injection Vulnerability in FiberHome AN5506-01A ONU GPON by FiberHome
CVE-2025-1616

5.1MEDIUM

Key Information:

Vendor
Fiberhome
Status
An5506-01a Onu Gpon
Vendor
CVE Published:
24 February 2025

Summary

A security vulnerability has been identified in the FiberHome AN5506-01A ONU GPON RP2511, which involves the Diagnosis component. This flaw allows attackers to manipulate the Destination Address argument, potentially leading to OS command injection. The vulnerability can be exploited remotely, raising the risk of unauthorized command execution. Information regarding this vulnerability has been publicly disclosed, and despite attempts to notify the vendor, no acknowledgment has been received.

Affected Version(s)

AN5506-01A ONU GPON RP2511

References

https://vuldb.com/?id.296606
vdb-entrytechnical-description
https://vuldb.com/?ctiid.296606
signaturepermissions-required
https://vuldb.com/?submit.501483
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.