PT-2025-46670 · Fiberhome · Fiberhome Gpon Onu Hg6145F1 Rp4423

Published

2025-11-12

Updated

2026-04-09

CVE-2025-63353

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions FiberHome GPON ONU HG6145F1 RP4423

Description A flaw exists in FiberHome GPON ONU HG6145F1 RP4423 that allows prediction of the device’s factory default Wi-Fi password (WPA/WPA2 pre-shared key) from the SSID. The device uses a predictable algorithm to generate default passwords based on the SSID, enabling an attacker observing the SSID to determine the default password without needing authentication or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-63353

Affected Products

Fiberhome Gpon Onu Hg6145F1 Rp4423

PT-2025-46670 · Fiberhome · Fiberhome Gpon Onu Hg6145F1 Rp4423

CVE-2025-63353

Weakness Enumeration

Related Identifiers

Affected Products

References · 9