FiberhomeCVEs & Vulnerabilities

60 CVEs affecting Fiberhome products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

hg6245d 40hg6245d firmware 40an5506-01-a firmware 4an5506-02-b firmware 4an5506-01-a 4lm53q1 3lm53q1 firmware 3hg150-ub firmware 2
CVE-2021-27140HIGH

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.

10 Feb 2021
7.5
CVSS
CVE-2021-27139HIGH

An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.

10 Feb 2021
7.5
CVSS
CVE-2019-17186HIGH

/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication remote code execution.

8 Oct 2019
8.8
CVSS
CVE-2019-17187HIGH

/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.M5007_JS_201804 devices allows pre-authentication Directory Traversal for reading arbitrary files.

8 Oct 2019
7.5
CVSS
CVE-2018-9249CRITICAL

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request.

4 Apr 2018
9.8
CVSS
CVE-2018-9248CRITICALpoc

FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.

4 Apr 2018
9.8
CVSS
CVE-2017-16887CRITICALpoc

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.

12 Jan 2018
9.8
CVSS
CVE-2017-16886HIGHpoc

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.

12 Jan 2018
8.8
CVSS
CVE-2017-16885CRITICALpoc

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.

12 Jan 2018
9.8
CVSS
CVE-2017-15647HIGHpoc

On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.

20 Oct 2017
7.5
CVSS
CVE-2017-14147CRITICALpoc

An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password.

7 Sep 2017
9.8
CVSS
CVE-2017-5544MEDIUM

An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device.

23 Jan 2017
5.9
CVSS
← PrevPage 2 / 2Next →
Fiberhome CVEs & Vulnerabilities — 60 Tracked — Page 2