Lucene search

MitreCVE-2021-27162

HistoryFeb 10, 2021 - 7:15 p.m.

CVE-2021-27162

2021-02-1019:15:14

CWE-798

mitre

web.nvd.nist.gov

fiberhome

hg6245d

web daemon

hardcoded credentials

vulnerability

isp

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.812

Percentile

98.4%

JSON

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP.

Affected configurations

Nvd

Node

fiberhomehg6245d_firmwareRange≤rp2613

AND

fiberhomehg6245dMatch-

VendorProductVersionCPE
fiberhomehg6245d_firmware*cpe:2.3:o:fiberhome:hg6245d_firmware:*:*:*:*:*:*:*:*
fiberhomehg6245d-cpe:2.3:h:fiberhome:hg6245d:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fiberhome	hg6245d_firmware	*	cpe:2.3:o:fiberhome:hg6245d_firmware::::::::
fiberhome	hg6245d	-	cpe:2.3:h:fiberhome:hg6245d:-:::::::*

References

pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.812

Percentile

98.4%

JSON

Related for CVE-2021-27162