Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Hg6245d_firmware
(Fiberhome)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 40 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-10 | CVE-2021-27170 | An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27171 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell). | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27172 | An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27173 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=calculated(BR0_MAC) backdoor API, without authentication, provided by the HTTP server. This will remove firewall rules and allow an attacker to reach the telnet server (used for the CLI). | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27174 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27175 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext passwords and 0644 permissions. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27176 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27177 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. | Hg6245d_firmware | 9.8 | ||
| 2021-02-10 | CVE-2021-27178 | An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. | Hg6245d_firmware | 7.5 | ||
| 2021-02-10 | CVE-2021-27179 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. | Hg6245d_firmware | 7.5 |