CVE 9.8 CRITICAL

CVE-2025-63353_CVE-2025-63353

November 13, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

AI Analysis

Predictable Wi-Fi password vulnerability in FiberHome GPON ONU HG6145F1 RP4423

Basic Information

ID CVE-2025-63353

Source mitre

Published Nov 12, 2025 at 00:00

Modified Nov 13, 2025 at 15:55

Affected Product

Vendor FiberHome

Product FiberHome GPON ONU HG6145F1 RP4423

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-284

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor FiberHome

Product FiberHome GPON ONU HG6145F1 RP4423

Version n/a

References

{
    "lastseen": "",
    "description": "A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.",
    "published": "2025-11-12T00:00:00.000Z",
    "modified": "2025-11-13T15:55:57.714Z",
    "type": "cve",
    "title": "CVE-2025-63353",
    "source": "mitre",
    "references": "https://github.com/hanianis/CVE-2025-63353\nhttps://medium.com/@hanianis.bouzid/fiberhome-gpon-onu-model-hg6145f1-router-predictable-wifi-passwords-and-real-risks-d8e54da385d3",
    "id": "CVE-2025-63353",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FiberHome GPON ONU HG6145F1 RP4423",
    "version": "n/a",
    "vendor": "FiberHome",
    "ai_description": "Predictable Wi-Fi password vulnerability in FiberHome GPON ONU HG6145F1 RP4423",
    "ai_severity": "Critical",
    "ai_vendor": "FiberHome",
    "ai_product": "FiberHome GPON ONU HG6145F1 RP4423",
    "ai_version": "n/a",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply