Predictable Wi-Fi Password Vulnerability in FiberHome GPON ONU Devices
CVE-2025-63353

9.8CRITICAL

Key Information:

Vendor: FiberHome
Status: GPON ONU HG6145F1
Vendor: CVE Published:; 12 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-63353?

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows attackers to predict the factory default Wi-Fi password. The device utilizes a deterministic algorithm that derives the pre-shared key from the SSID, enabling unauthorized individuals to gain access to the network simply by observing the SSID. This vulnerability poses significant security risks as potential attackers require no authentication or user intervention to exploit it.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-63353
Created by hanianis

References

https://github.com/hanianis/CVE-2025-63353

https://medium.com/@hanianis.bouzid/fiberhome-gpon-onu-mo...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
🟡
Public PoC available
Nov 5, 2025
👾
Exploit known to exist
Nov 5, 2025
Vulnerability Reserved
Oct 27, 2025

JSON