CVE-2021-27175 – CVE-2021-27175 exposes WiFi passwords in cleart... (How to Fix)

Q: What is the severity of CVE-2021-27175?

CVE-2021-27175 has a CVSS score of 7.5 (HIGH). CVE-2021-27175 exposes WiFi passwords in cleartext within a configuration file on FiberHome HG6245D devices. This allows any local user or process to read sensitive credentials without authentication. Affected users are those with FiberHome HG6245D devices running firmware through RP2613.

📋 TL;DR

CVE-2021-27175 exposes WiFi passwords in cleartext within a configuration file on FiberHome HG6245D devices. This allows any local user or process to read sensitive credentials without authentication. Affected users are those with FiberHome HG6245D devices running firmware through RP2613.

💻 Affected Systems

Products:

FiberHome HG6245D

Versions: through RP2613

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable due to the file permissions and cleartext storage.

📦 What is this software?

Hg6245d Firmware by Fiberhome

View all CVEs affecting Hg6245d Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain unauthorized access to the WiFi network, potentially compromising all connected devices and enabling man-in-the-middle attacks.

🟠

Likely Case

Local users or malware on the device can steal WiFi credentials, leading to unauthorized network access.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the local device only.

🌐 Internet-Facing: LOW - The vulnerability requires local access to the device filesystem.

🏢 Internal Only: HIGH - Any local user or process can read the cleartext passwords.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the device but is trivial once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check with FiberHome for firmware updates.

🔧 Temporary Workarounds

Change file permissions

linux

Restrict read access to the wifictl_2g.cfg file to prevent unauthorized reading

chmod 600 /path/to/wifictl_2g.cfg

Encrypt sensitive data

linux

Manually encrypt WiFi passwords in configuration files

Use device-specific encryption tools if available

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local access to the device
Monitor for suspicious file access attempts to wifictl_2g.cfg

🔍 How to Verify

Check if Vulnerable:

Check if /path/to/wifictl_2g.cfg exists and has 0644 permissions with cleartext passwords

Check Version:

Check firmware version through device web interface or CLI

Verify Fix Applied:

Verify file permissions are restricted (e.g., 600) and passwords are no longer in cleartext

📡 Detection & Monitoring

Log Indicators:

Unauthorized access attempts to wifictl_2g.cfg file

Network Indicators:

Unexpected devices connecting to WiFi network

SIEM Query:

file_access AND file_path:"*wifictl_2g.cfg*" AND user:!authorized_user

📊 Metadata

CVE ID: CVE-2021-27175

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-312

Published: February 10, 2021

Last Updated: November 21, 2024

🔗 References

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#system-credentials-clear-text-files Exploit,Third Party Advisory
https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#system-credentials-clear-text-files Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-27175, you might also want to check these: