CVE-2025-44178

6.5 MEDIUM

📋 TL;DR

DASAN GPON ONU H660WM routers with firmware version H660WMR210825 have improper access control in their default settings, allowing attackers to access sensitive information and modify configurations via the UPnP protocol without authentication. This affects all users running these devices in the default configuration.

💻 Affected Systems

Products:
  • DASAN GPON ONU H660WM
Versions: H660WMR210825
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with default settings where UPnP is enabled on the WAN interface.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could reconfigure the router to intercept all network traffic, install malware on connected devices, or use the device as part of a botnet.

🟠 Likely Case

Attackers would gain unauthorized access to router configuration, potentially changing DNS settings, exposing internal services, or stealing credentials.

🟢 If Mitigated

With proper access controls and UPnP disabled, the attack surface is significantly reduced to authenticated attacks only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the UPnP service on the WAN interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updated firmware

Vendor Advisory: https://gist.github.com/stevenyu113228/a1fab78fa34a86f7416aa2aa33284fd1

Restart Required: Yes

Instructions:

  1. Contact DASAN Networks for updated firmware.
  2. Download and verify firmware.
  3. Access router admin interface.
  4. Navigate to firmware update section.
  5. Upload and apply new firmware.
  6. Reboot router.

🔧 Temporary Workarounds

  • Disable UPnP on WAN interface (all): Prevents unauthorized access via the UPnP protocol from external networks
  • Change default credentials (all): Ensure strong authentication is enabled for router administration

🧯 If You Can't Patch

  • Place router behind a firewall that blocks UPnP traffic (port 1900/udp) from external networks
  • Implement network segmentation to isolate the vulnerable device from critical systems

🔍 How to Verify

Check if Vulnerable:

Check if UPnP is enabled on WAN interface in router configuration and verify firmware version is H660WMR210825

Check Version:

Login to router admin interface and check firmware version in system information

Verify Fix Applied:

After firmware update, verify UPnP is properly restricted and test that unauthorized UPnP requests from WAN are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized UPnP discovery requests from external IPs
  • Configuration changes without admin login

Network Indicators:

  • UPnP M-SEARCH packets from external sources to port 1900/udp
  • Unexpected configuration changes via UPnP

SIEM Query:

source_ip=external AND dest_port=1900 AND protocol=UDP AND payload CONTAINS "M-SEARCH"
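The network indicator and SIEM query above, written out as runnable detection logic. This is an added example, not part of the original advisory; the log line format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: these RFC 1918 / loopback / link-local ranges are "internal";
# adjust to the address plan of the monitored network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Hypothetical log format: "<ts> <proto> <src>:<sport> -> <dst>:<dport> <payload>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<payload>.*)$")

# Constructed sample records (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z UDP 203.0.113.5:40112 -> 198.51.100.20:1900 M-SEARCH * HTTP/1.1
2025-01-01T10:00:02Z UDP 192.168.1.23:51000 -> 239.255.255.250:1900 M-SEARCH * HTTP/1.1
2025-01-01T10:00:05Z UDP 203.0.113.5:40113 -> 198.51.100.20:1900 M-SEARCH * HTTP/1.1
2025-01-01T10:00:07Z TCP 203.0.113.9:44321 -> 198.51.100.20:443 (tls)
2025-01-01T10:00:09Z UDP 192.0.2.77:5353 -> 198.51.100.20:1900 NOTIFY * HTTP/1.1
malformed line that should be skipped
"""

def is_external(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def external_msearch(log_text):
    """Return parsed records for M-SEARCH to udp/1900 from external sources."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        if (m["proto"].upper() == "UDP" and m["dport"] == "1900"
                and m["payload"].startswith("M-SEARCH")
                and is_external(m["src"])):
            hits.append(m.groupdict())
    return hits

def hits_per_source(log_text):
    """Count matching packets per external source address."""
    return Counter(h["src"] for h in external_msearch(log_text))

if __name__ == "__main__":
    for src, count in hits_per_source(SAMPLE_LOG).items():
        print(f"external M-SEARCH to udp/1900: {src} x{count}")
```

LAN-side discovery to the SSDP multicast group is normal UPnP behaviour and is deliberately not flagged; only sources outside the internal ranges count.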
