OS Command Injection Vulnerability in FiberHome AN5506-01A ONU GPON by FiberHome
CVE-2025-1616

5.1MEDIUM

Key Information:

Vendor: Fiberhome
Status: An5506-01a Onu Gpon
Vendor: CVE Published:; 24 February 2025

What is CVE-2025-1616?

A security vulnerability has been identified in the FiberHome AN5506-01A ONU GPON RP2511, which involves the Diagnosis component. This flaw allows attackers to manipulate the Destination Address argument, potentially leading to OS command injection. The vulnerability can be exploited remotely, raising the risk of unauthorized command execution. Information regarding this vulnerability has been publicly disclosed, and despite attempts to notify the vendor, no acknowledgment has been received.

Affected Version(s)

AN5506-01A ONU GPON RP2511

References

https://vuldb.com/?id.296606

vdb-entrytechnical-description

https://vuldb.com/?ctiid.296606

signaturepermissions-required

https://vuldb.com/?submit.501483

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 23, 2025

Credit

Fergod (VulDB User)