299 matches found
CVE-2021-27140
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs...
CVE-2021-27139
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp...
CVE-2021-27142
An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...
CVE-2021-27146
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP...
CVE-2021-27148
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP...
CVE-2021-27151
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP...
CVE-2021-27166
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon...
CVE-2021-27160
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP...
CVE-2021-27173
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0=calculatedBR0MAC backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server used for the CLI...
CVE-2021-27143
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP...
CVE-2021-27152
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP...
CVE-2021-27170
An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet...
CVE-2021-27149
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP...
CVE-2021-27167
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init3bbpassword in libciadaptationlayer.so...
CVE-2021-27176
An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl5g.cfg has cleartext passwords and 0644 permissions...
CVE-2021-4464
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service 'webs' fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,...
CVE-2021-4464
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service 'webs' fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,...
CVE-2021-4464 FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service 'webs' fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,...
CVE-2021-4464 FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service 'webs' fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun,...
CVE-2021-4464
The CVE-2021-4464 entry affects FiberHome AN5506-04-FA (firmware up to RP2631) and HG6245D (up to RP2602). The issue is a stack-based buffer overflow in the HTTP service (webs) caused by not enforcing cookie header length limits, triggering overflow when a cookie >511 bytes is processed, leadi...