CVE-2021-27145

9.8 CRITICAL

📋 TL;DR

FiberHome HG6245D devices contain hardcoded admin credentials (admin/lnadmin) in the web daemon, allowing attackers to gain administrative access. This affects all devices through firmware version RP2613. The vulnerability enables complete compromise of the device.

💻 Affected Systems

Products:
  • FiberHome HG6245D
Versions: All versions through RP2613
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface of the optical network terminal (ONT) devices.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control, can reconfigure the device, intercept network traffic, install malware, or use as a pivot point into internal networks.

🟠

Likely Case

Unauthorized administrative access leading to device configuration changes, network monitoring, or credential harvesting.

🟢

If Mitigated

Limited impact if device is behind firewall with restricted administrative access and network segmentation.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be directly compromised by anyone with the hardcoded credentials.
🏢 Internal Only: HIGH - Even internally, any user with network access can exploit these credentials to gain administrative privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to the management interface using credentials admin/lnadmin.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

Contact FiberHome or your ISP for firmware updates. No official patch information is available.

🔧 Temporary Workarounds

Disable web management interface (platform: all)

Disable the vulnerable web daemon if it is not required for operation. Specific commands depend on device configuration and access level.

Network access restrictions (platform: linux)

Restrict access to the management interface using firewall rules. Replace trusted_network with your management subnet in CIDR notation; the ACCEPT rule must be inserted before the DROP rule so that only the trusted source is allowed through:

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Isolate device on separate VLAN with strict network segmentation
  • Implement network monitoring for unauthorized access attempts to management interface

🔍 How to Verify

Check if Vulnerable:

Attempt to access the device web interface at http://[device-ip] using credentials admin/lnadmin

Check Version:

Check firmware version in web interface or via telnet/ssh if available

Verify Fix Applied:

Verify that admin/lnadmin credentials no longer work and that new unique credentials are required

📡 Detection & Monitoring

Log Indicators:

  • Successful authentication with admin/lnadmin credentials
  • Multiple failed login attempts followed by admin login

Network Indicators:

  • HTTP requests to device management interface from unexpected sources
  • Traffic patterns indicating configuration changes

SIEM Query:

source="device_logs" username="admin" action="login_success"

Note: admin is the account name and lnadmin is its password, so lnadmin should not appear in authentication records; the signal is a successful admin login, especially from a source that is not your management network.
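The log and network indicators above, as an added detection example that is not part of this advisory: it parses constructed sample log lines (the HG6245D's real log format is not documented here, so the key=value layout is assumed) and flags successful admin logins from outside an assumed trusted management subnet, as well as admin logins preceded by repeated failures from the same source.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines; the key=value layout is an assumption,
# not the device's documented format.
SAMPLE_LOGS = """\
2024-05-01T10:00:01 src=192.0.2.10 user=admin action=login_failed
2024-05-01T10:00:04 src=192.0.2.10 user=admin action=login_failed
2024-05-01T10:00:07 src=192.0.2.10 user=admin action=login_failed
2024-05-01T10:00:09 src=192.0.2.10 user=admin action=login_success
2024-05-01T11:15:00 src=10.0.0.5 user=admin action=login_success
2024-05-01T11:20:00 src=10.0.0.5 user=operator action=login_success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) action=(?P<action>\S+)$"
)


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def detect(log_text, trusted_nets=("10.0.0.0/24",), fail_threshold=3):
    """Return (alert_type, source_ip, timestamp) tuples for:
    - a successful admin login from outside the trusted management nets
    - a successful admin login preceded by >= fail_threshold failures
      from the same source (failed attempts followed by admin login)
    trusted_nets is an assumed management subnet, adjust to your own."""
    nets = [ip_network(n) for n in trusted_nets]
    failures = defaultdict(int)  # consecutive failures per source IP
    alerts = []
    for ev in parse(log_text):
        src, user, action = ev["src"], ev["user"], ev["action"]
        if action == "login_failed":
            failures[src] += 1
            continue
        if action != "login_success":
            continue
        if user == "admin":
            if not any(ip_address(src) in n for n in nets):
                alerts.append(("admin_login_untrusted_source", src, ev["ts"]))
            if failures[src] >= fail_threshold:
                alerts.append(("admin_login_after_bruteforce", src, ev["ts"]))
        failures[src] = 0  # a success ends the failure streak for this source
    return alerts
```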

🔗 References
