CVE-2025-63353
📋 TL;DR
This vulnerability allows an attacker to derive the factory-default Wi-Fi pre-shared key of FiberHome GPON ONU HG6145F1 routers from the SSID the device broadcasts, using a deterministic algorithm. Anyone running one of these routers with the factory-default Wi-Fi password is affected: an attacker within radio range can join the wireless network without any other authentication.
💻 Affected Systems
- FiberHome GPON ONU HG6145F1
📦 What is this software?
The HG6145F1 is a FiberHome GPON optical network unit (ONU) that also acts as the subscriber's home router and Wi-Fi access point. Devices of this kind are normally supplied and pre-configured by the ISP, so many of them stay on the factory-default SSID and Wi-Fi password for their whole service life.
⚠️ Risk & Real-World Impact
Worst Case
Complete network compromise allowing man-in-the-middle attacks, data interception, malware deployment, and use of the network for further attacks.
Likely Case
Unauthorized Wi-Fi access leading to bandwidth theft, network monitoring, and potential credential harvesting from unencrypted traffic.
If Mitigated
Limited impact if the Wi-Fi password has been changed from the default, though the device is exposed from first power-on until the change is made, and a factory reset restores the predictable default.
🎯 Exploit Status
The attack only requires being within Wi-Fi range: the SSID is read from beacon frames, and no interaction with the router is needed before the derived key is tried. Tools available on GitHub demonstrate the password derivation algorithm.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available. Change the Wi-Fi password immediately via the router admin interface, and re-apply the change after any factory reset, since a reset restores the derivable default.
🔧 Temporary Workarounds
Change Wi-Fi Password
Manually change the Wi-Fi password to a strong, unique value that is not derived from the SSID
Access the router admin interface (typically 192.168.1.1)
Navigate to Wireless Settings
Change the WPA/WPA2 Pre-shared Key to a strong password
Hide SSID Broadcast
Hide the SSID broadcast to make the network name less visible to casual observers
Access the router admin interface
Navigate to Wireless Settings
Disable SSID Broadcast/Hide Network Name
Caveat: hiding the SSID is a weak measure on its own. Probe requests and association frames from your own clients still carry the SSID in the clear, so anyone capturing Wi-Fi traffic nearby can recover it and run the derivation anyway. Treat this as a minor obstacle, not a substitute for changing the password.
🧯 If You Can't Patch
- Change the Wi-Fi password immediately to a strong, unique value (this is the only workaround that actually closes the issue)
- Enable MAC address filtering to restrict authorized devices; note that MAC addresses are visible over the air and trivially spoofed, so this only raises the bar slightly
- Disable WPS if enabled
- Monitor router logs for unauthorized connection attempts
🔍 How to Verify
Check if Vulnerable:
If the WPA pre-shared key has never been changed since the device was installed, assume it is the derivable default. To confirm, run one of the published derivation tools against your SSID: if its output matches the current key, the default is still in use.
Check Version:
Check router admin interface for firmware version, typically under System Status or About
Verify Fix Applied:
Verify that the new Wi-Fi password is strong, unique, and does not match the algorithm's output for your SSID, and that the admin interface shows it as the active WPA/WPA2 pre-shared key.
📡 Detection & Monitoring
Log Indicators:
- Unknown MAC addresses connecting to Wi-Fi
- Failed authentication attempts from new devices
Network Indicators:
- Unexpected devices on Wi-Fi network
- Unusual traffic patterns from new MAC addresses
SIEM Query:
Search for new MAC addresses on wireless network or failed Wi-Fi authentication events
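The log review described above can be scripted. The following is an added example, not code from the original page or from FiberHome: it walks a set of constructed, hostapd-style syslog lines (the HG6145F1's actual log format is not documented here and is an assumption), flags stations that associated but are not on a known-device allowlist, and counts repeated authentication failures per MAC.

```python
import re
from collections import Counter

# Constructed sample log lines in a hostapd/syslog style. These are
# illustrative only and were not captured from an HG6145F1; the real
# device's log format is an assumption.
SAMPLE_LOG = """\
Jan 12 20:01:03 router hostapd: wlan0: STA aa:bb:cc:dd:ee:01 IEEE 802.11: associated
Jan 12 20:01:04 router hostapd: wlan0: AP-STA-CONNECTED aa:bb:cc:dd:ee:01
Jan 12 20:05:17 router hostapd: wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authentication failed
Jan 12 20:05:19 router hostapd: wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authentication failed
Jan 12 20:05:22 router hostapd: wlan0: AP-STA-CONNECTED 00:11:22:33:44:55
Jan 12 20:07:40 router hostapd: wlan0: AP-STA-CONNECTED aa:bb:cc:dd:ee:02
"""

# Allowlist of MACs you expect on the network (constructed values).
KNOWN_DEVICES = {"aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"}

MAC = r"([0-9a-f]{2}(?::[0-9a-f]{2}){5})"
CONNECTED_RE = re.compile(r"AP-STA-CONNECTED\s+" + MAC, re.IGNORECASE)
AUTH_FAIL_RE = re.compile(r"STA\s+" + MAC + r".*authentication failed", re.IGNORECASE)


def analyze(log_text, known_macs, fail_threshold=2):
    """Return unknown stations that connected and MACs with repeated auth failures.

    unknown_connected: MACs seen in AP-STA-CONNECTED lines that are not allowlisted,
                       in order of first appearance.
    auth_failures:     failure count per MAC.
    repeated_failures: MACs whose failure count reached fail_threshold.
    """
    unknown = []
    failures = Counter()
    for line in log_text.splitlines():
        m = CONNECTED_RE.search(line)
        if m:
            mac = m.group(1).lower()
            if mac not in known_macs and mac not in unknown:
                unknown.append(mac)
            continue
        m = AUTH_FAIL_RE.search(line)
        if m:
            failures[m.group(1).lower()] += 1
    repeated = [mac for mac, n in failures.items() if n >= fail_threshold]
    return {
        "unknown_connected": unknown,
        "auth_failures": dict(failures),
        "repeated_failures": repeated,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG, KNOWN_DEVICES)
    for mac in result["unknown_connected"]:
        print(f"ALERT: unknown station joined Wi-Fi: {mac}")
    for mac in result["repeated_failures"]:
        print(f"ALERT: repeated auth failures from {mac} ({result['auth_failures'][mac]})")
```

In practice, feed the router's exported syslog (or the SIEM's wireless event stream) into `analyze` and keep the allowlist current. Modern phones randomize their Wi-Fi MAC per network, so a previously unseen MAC is not proof of intrusion on its own; a new MAC that appears right after a burst of failed authentications, as in the sample, is the pattern worth chasing.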