CVE-2025-63353
CRITICALDescription
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| fiberhome | hg6145f1_firmware |
| fiberhome | hg6145f1 |
References
Frequently Asked Questions
What is CVE-2025-63353? +
How severe is CVE-2025-63353? +
What products are affected by CVE-2025-63353? +
How do I check if I'm vulnerable to CVE-2025-63353? +
Related Vulnerabilities
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode …
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in …
Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in …
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes …
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, malicious algorithms can potentially access other algorithms …
A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately …