Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hg6245d_firmware
(Fiberhome)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 40 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-10 | CVE-2021-27139 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27140 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27141 | An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.) | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27142 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27143 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27144 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27145 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27146 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27147 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27148 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. | Hg6245d_firmware | 9.8 |