CVE-2025-29525
📋 TL;DR
DASAN GPON ONU H660WM devices contain hardcoded default credentials in their control panel, allowing attackers to gain administrative access. This affects users of the specific hardware and firmware versions who haven't changed the default credentials. The vulnerability enables unauthorized control over the modem's configuration and network settings.
💻 Affected Systems
- DASAN GPON ONU H660WM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control, enabling network traffic interception, device reconfiguration for malicious purposes, or using the device as an entry point into the internal network.
Likely Case
Unauthorized users access the control panel to modify network settings, change passwords, or disrupt internet connectivity for affected users.
If Mitigated
If credentials are changed from defaults, the vulnerability is effectively neutralized with minimal operational impact.
🎯 Exploit Status
Exploitation requires knowledge of the default credentials, which may be publicly documented or easily guessable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Change default credentials immediately as a mitigation.
🔧 Temporary Workarounds
Change Default Credentials
Immediately change the default administrative credentials to strong, unique passwords.
Access the control panel via the web interface and navigate to the administration/security settings to change the password.
Network Segmentation
Isolate affected devices on separate network segments to limit potential lateral movement.
🧯 If You Can't Patch
- Change all default credentials immediately
- Restrict network access to control panel interface
- Monitor for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Attempt to log into the device's web control panel using default credentials (check device documentation or common defaults like admin/admin).
Check Version:
Check device web interface or console for firmware version H660WMR210825 and hardware version DS-E5-583-A1
Verify Fix Applied:
Verify that default credentials no longer work and only your changed credentials provide access.
📡 Detection & Monitoring
Log Indicators:
- Failed login attempts followed by successful login with default credentials
- Configuration changes from unknown IP addresses
Network Indicators:
- Unusual traffic patterns from the modem
- External connections to the modem's administrative interface
SIEM Query:
source="modem_logs" AND ((event="login_success" AND user="admin") OR (event="config_change" AND source_ip!=internal_range))
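
The two log indicators above can also be checked offline against exported logs. The following is an added example, not a vendor or site-provided script: the key=value log format, the `login_failed` event name, the internal network range and the thresholds are all assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed management network and thresholds; adjust to your own environment.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
WINDOW = timedelta(minutes=5)      # failures this recent count toward a success
MIN_FAILURES = 2                   # failures required before a success is flagged
# Hypothetical key=value log format; real device logs will differ.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) user=\S+$")
# Constructed sample lines (documentation and private address ranges).
SAMPLE_LOG = """\
2025-01-10T08:00:01 src=192.168.1.10 event=login_success user=admin
2025-01-10T09:14:02 src=203.0.113.7 event=login_failed user=root
2025-01-10T09:14:09 src=203.0.113.7 event=login_failed user=admin
2025-01-10T09:14:15 src=203.0.113.7 event=login_success user=admin
2025-01-10T09:15:40 src=203.0.113.7 event=config_change user=admin
this line is malformed and is skipped
2025-01-10T11:30:00 src=192.168.1.10 event=config_change user=admin
"""

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False               # unparseable source is treated as unknown
    return any(ip in net for net in INTERNAL_NETS)

def detect(log_text):
    """Return a list of (rule, timestamp, source_ip) alerts."""
    alerts, failures = [], {}      # failures: source IP -> failure timestamps
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # ignore lines that do not match the format
        ts = datetime.fromisoformat(m["ts"])
        src, event = m["src"], m["event"]
        if event == "login_failed":
            failures.setdefault(src, []).append(ts)
        elif event == "login_success":
            recent = [t for t in failures.pop(src, []) if ts - t <= WINDOW]
            if len(recent) >= MIN_FAILURES:
                alerts.append(("fail_then_success", m["ts"], src))
        elif event == "config_change" and not is_internal(src):
            alerts.append(("external_config_change", m["ts"], src))
    return alerts

if __name__ == "__main__":
    print(*detect(SAMPLE_LOG), sep="\n")
```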