Search criteria
42 vulnerabilities found for hg6245d by fiberhome
CVE-2021-4464 (GCVE-0-2021-4464)
Vulnerability from nvd – Published: 2025-11-12 22:09 – Updated: 2025-11-21 15:36
VLAI?
Title
FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow
Summary
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FiberHome | AN5506-04-FA |
Affected:
0 , ≤ RP2631
(custom)
|
||
Credits
Pierre Barre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:30:31.859197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:35:47.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AN5506-04-FA",
"vendor": "FiberHome",
"versions": [
{
"lessThanOrEqual": "RP2631",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HG6245D",
"vendor": "FiberHome",
"versions": [
{
"lessThan": "RP2602",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fiberhome:an5506-04-fa_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "rp2631",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fiberhome:hg6245d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "rp2602",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service (\u0027webs\u0027) fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. \u003cbr\u003e"
}
],
"value": "FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service (\u0027webs\u0027) fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T15:36:02.534Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#misc-remote-stack-overflow-an5506"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://pierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txt"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fiberhome-routers-remote-stack-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-01-12T17:00:00.000Z",
"value": "Pierre Kim publicly discloses vulnerability."
}
],
"title": "FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-4464",
"datePublished": "2025-11-12T22:09:20.835Z",
"dateReserved": "2025-11-12T21:24:45.845Z",
"dateUpdated": "2025-11-21T15:36:02.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-4464 (GCVE-0-2021-4464)
Vulnerability from cvelistv5 – Published: 2025-11-12 22:09 – Updated: 2025-11-21 15:36
VLAI?
Title
FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow
Summary
FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service ('webs') fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FiberHome | AN5506-04-FA |
Affected:
0 , ≤ RP2631
(custom)
|
||
Credits
Pierre Barre
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:30:31.859197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:35:47.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AN5506-04-FA",
"vendor": "FiberHome",
"versions": [
{
"lessThanOrEqual": "RP2631",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "HG6245D",
"vendor": "FiberHome",
"versions": [
{
"lessThan": "RP2602",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fiberhome:an5506-04-fa_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "rp2631",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fiberhome:hg6245d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "rp2602",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Pierre Barre"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service (\u0027webs\u0027) fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow. \u003cbr\u003e"
}
],
"value": "FiberHome AN5506-04-FA firmware versions up to and including RP2631 and HG6245D prior to RP2602 contain a stack-based buffer overflow, as the HTTP service (\u0027webs\u0027) fails to enforce maximum lengths for Cookie header values. When a cookie longer than 511 bytes is processed, a stack buffer is overrun, leading to a crash or potential control of execution flow."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T15:36:02.534Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#misc-remote-stack-overflow-an5506"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://pierrekim.github.io/advisories/2021-fiberhome-0x00-ont.txt"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/fiberhome-routers-remote-stack-overflow"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-01-12T17:00:00.000Z",
"value": "Pierre Kim publicly discloses vulnerability."
}
],
"title": "FIberHome AN5506-04-FA / HG6245D Routers Remote Stack Overflow",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-4464",
"datePublished": "2025-11-12T22:09:20.835Z",
"dateReserved": "2025-11-12T21:24:45.845Z",
"dateUpdated": "2025-11-21T15:36:02.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202102-1373
Vulnerability from variot - Updated: 2024-11-23 23:11An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function.
There is a trust management vulnerability in FiberHome HG6245D devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d devices",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"cve": "CVE-2021-27142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27142",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18382",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27142",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27142",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27142",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27142",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-18382",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-957",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function. \n\r\n\r\nThere is a trust management vulnerability in FiberHome HG6245D devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27142"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNVD",
"id": "CNVD-2021-18382"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27142",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18382",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"id": "VAR-202102-1373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
}
],
"trust": 1.39822108
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
}
]
},
"last_update_date": "2024-11-23T23:11:07.798000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Patch for FiberHome HG6245D devices trust management issue vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253621"
},
{
"title": "HTTPS and Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-ssl-certificates"
},
{
"trust": 1.2,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27142"
},
{
"trust": 0.6,
"url": "httpd-ssl-certificates"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"date": "2021-02-10T19:15:12.840000",
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003569"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-957"
},
{
"date": "2024-11-21T05:57:24.017000",
"db": "NVD",
"id": "CVE-2021-27142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome HG6245D devices trust management issue vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18382"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-957"
}
],
"trust": 0.6
}
}
VAR-202102-1394
Vulnerability from variot - Updated: 2024-11-23 23:11An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1394",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"cve": "CVE-2021-27163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27163",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11347",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27163",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27163",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27163",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27163",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11347",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-935",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / tele1234 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27163"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNVD",
"id": "CNVD-2021-11347"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27163",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11347",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"id": "VAR-202102-1394",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
}
]
},
"last_update_date": "2024-11-23T23:11:07.773000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142269"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27163"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"date": "2021-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"date": "2021-02-10T19:15:14.510000",
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11347"
},
{
"date": "2021-10-21T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2021-003247"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-935"
},
{
"date": "2024-11-21T05:57:27.130000",
"db": "NVD",
"id": "CVE-2021-27163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-935"
}
],
"trust": 0.6
}
}
VAR-202102-1415
Vulnerability from variot - Updated: 2024-11-23 23:11An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded GEPON password vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1415",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"cve": "CVE-2021-27172",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27172",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11348",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27172",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27172",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27172",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27172",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11348",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1006",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for root is defined inside /etc/init.d/system-config.sh. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded GEPON password vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27172"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNVD",
"id": "CNVD-2021-11348"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27172",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11348",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"id": "VAR-202102-1415",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
}
]
},
"last_update_date": "2024-11-23T23:11:07.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "FiberHome HG6245D devices Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142620"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-linux-hardcoded-credentials"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27172"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"date": "2021-02-10T19:15:15.120000",
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11348"
},
{
"date": "2021-10-26T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-003400"
},
{
"date": "2021-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1006"
},
{
"date": "2024-11-21T05:57:28.387000",
"db": "NVD",
"id": "CVE-2021-27172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003400"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1006"
}
],
"trust": 0.6
}
}
VAR-202102-1371
Vulnerability from variot - Updated: 2024-11-23 23:07An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"cve": "CVE-2021-27140",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27140",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27140",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27140",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27140",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27140",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-959",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27140"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27140",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003576",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"id": "VAR-202102-1371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.59644216
},
"last_update_date": "2024-11-23T23:07:39.260000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142289"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-passwords-logs"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27140"
},
{
"trust": 0.6,
"url": "httpd-passwords-logs"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"date": "2021-02-10T19:15:12.683000",
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003576"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-959"
},
{
"date": "2024-11-21T05:57:23.720000",
"db": "NVD",
"id": "CVE-2021-27140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in plaintext storage of important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-959"
}
],
"trust": 0.6
}
}
VAR-202102-1392
Vulnerability from variot - Updated: 2024-11-23 23:07An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1392",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"cve": "CVE-2021-27161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27161",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11345",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27161",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27161",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27161",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27161",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11345",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-936",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27161"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "CNVD",
"id": "CNVD-2021-11345"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27161",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11345",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-936",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"id": "VAR-202102-1392",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
}
]
},
"last_update_date": "2024-11-23T23:07:39.234000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27161"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"date": "2021-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"date": "2021-02-10T19:15:14.340000",
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11345"
},
{
"date": "2021-10-21T07:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-003249"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-936"
},
{
"date": "2024-11-21T05:57:26.863000",
"db": "NVD",
"id": "CVE-2021-27161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-936"
}
],
"trust": 0.6
}
}
VAR-202102-1413
Vulnerability from variot - Updated: 2024-11-23 23:07An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. FiberHome HG6245D A device contains a vulnerability in the insecure storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1413",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d devices",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"cve": "CVE-2021-27170",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27170",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18377",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27170",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27170",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27170",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27170",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-18377",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-990",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewall rules for IPv6 connectivity, exposing the internal management interfaces to the Internet. FiberHome HG6245D A device contains a vulnerability in the insecure storage of important information.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27170"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNVD",
"id": "CNVD-2021-18377"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27170",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18377",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"id": "VAR-202102-1413",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
}
],
"trust": 1.39822108
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
}
]
},
"last_update_date": "2024-11-23T23:07:39.207000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Patch for FiberHome HG6245D devices default configuration problem vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253651"
},
{
"title": "Fiber Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142316"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-922",
"trust": 1.0
},
{
"problemtype": "Insecure storage of important information (CWE-922) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure-ipv6"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27170"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#insecure"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"date": "2021-02-10T19:15:14.950000",
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"date": "2021-10-26T08:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-003427"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-990"
},
{
"date": "2024-11-21T05:57:28.113000",
"db": "NVD",
"id": "CVE-2021-27170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome HG6245D devices default configuration problem vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18377"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-990"
}
],
"trust": 0.6
}
}
VAR-202102-1386
Vulnerability from variot - Updated: 2024-11-23 23:04An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1386",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"cve": "CVE-2021-27155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27155",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11340",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27155",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27155",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27155",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27155",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11340",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-944",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27155"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNVD",
"id": "CNVD-2021-11340"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27155",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11340",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"id": "VAR-202102-1386",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
}
]
},
"last_update_date": "2024-11-23T23:04:05.916000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142276"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27155"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"date": "2021-02-10T19:15:13.823000",
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11340"
},
{
"date": "2021-10-22T05:13:00",
"db": "JVNDB",
"id": "JVNDB-2021-003300"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-944"
},
{
"date": "2024-11-21T05:57:25.967000",
"db": "NVD",
"id": "CVE-2021-27155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-944"
}
],
"trust": 0.6
}
}
VAR-202102-1380
Vulnerability from variot - Updated: 2024-11-23 23:01An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"cve": "CVE-2021-27149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11334",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27149",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27149",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27149",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27149",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11334",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-950",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNVD",
"id": "CNVD-2021-11334"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27149",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11334",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"id": "VAR-202102-1380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
}
]
},
"last_update_date": "2024-11-23T23:01:04.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "FiberHome HG6245D Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141365"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27149"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"date": "2021-02-10T19:15:13.387000",
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11334"
},
{
"date": "2021-10-22T06:25:00",
"db": "JVNDB",
"id": "JVNDB-2021-003332"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-950"
},
{
"date": "2024-11-21T05:57:25.120000",
"db": "NVD",
"id": "CVE-2021-27149"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-950"
}
],
"trust": 0.6
}
}
VAR-202102-1422
Vulnerability from variot - Updated: 2024-11-23 23:01An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. FiberHome HG6245D The device contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a denial of service vulnerability. An attacker can exploit this vulnerability by sending a specific string to cause the telnet daemon to crash
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"cve": "CVE-2021-27179",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27179",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11354",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27179",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-27179",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27179",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27179",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-11354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-998",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. FiberHome HG6245D The device contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a denial of service vulnerability. An attacker can exploit this vulnerability by sending a specific string to cause the telnet daemon to crash",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27179"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNVD",
"id": "CNVD-2021-11354"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27179",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11354",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"id": "VAR-202102-1422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
}
]
},
"last_update_date": "2024-11-23T23:01:04.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "FiberHome HG6245D devices Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142617"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Incorrect input confirmation (CWE-20) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-cli-dos"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"date": "2021-02-10T19:15:15.573000",
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11354"
},
{
"date": "2021-10-26T06:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-003397"
},
{
"date": "2021-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-998"
},
{
"date": "2024-11-21T05:57:30.020000",
"db": "NVD",
"id": "CVE-2021-27179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Input verification vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003397"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-998"
}
],
"trust": 0.6
}
}
VAR-202102-1383
Vulnerability from variot - Updated: 2024-11-23 22:57An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1383",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"cve": "CVE-2021-27152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27152",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11337",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27152",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27152",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27152",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27152",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11337",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-948",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-27152",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27152"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "VULMON",
"id": "CVE-2021-27152"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27152",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11337",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27152",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"id": "VAR-202102-1383",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
}
]
},
"last_update_date": "2024-11-23T22:57:59.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142279"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27152"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"date": "2021-02-10T19:15:13.607000",
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11337"
},
{
"date": "2021-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27152"
},
{
"date": "2021-10-22T05:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-003303"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-948"
},
{
"date": "2024-11-21T05:57:25.553000",
"db": "NVD",
"id": "CVE-2021-27152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003303"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-948"
}
],
"trust": 0.6
}
}
VAR-202102-1419
Vulnerability from variot - Updated: 2024-11-23 22:54An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome.
The wifictl_5g.cfg in FiberHome HG6245D has a security vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1419",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"cve": "CVE-2021-27176",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27176",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11351",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27176",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27176",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27176",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27176",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-11351",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1001",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext passwords and 0644 permissions. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nThe wifictl_5g.cfg in FiberHome HG6245D has a security vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27176"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNVD",
"id": "CNVD-2021-11351"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27176",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11351",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"id": "VAR-202102-1419",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
}
]
},
"last_update_date": "2024-11-23T22:54:54.225000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142324"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#system-credentials-clear-text-files"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27176"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"date": "2021-02-10T19:15:15.370000",
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11351"
},
{
"date": "2021-10-26T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-003398"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1001"
},
{
"date": "2024-11-21T05:57:28.967000",
"db": "NVD",
"id": "CVE-2021-27176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in plaintext storage of important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003398"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1001"
}
],
"trust": 0.6
}
}
VAR-202102-1421
Vulnerability from variot - Updated: 2024-11-23 22:54An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"cve": "CVE-2021-27178",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27178",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11353",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27178",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27178",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27178",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27178",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-11353",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-999",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-27178",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cleartext in nvram. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27178"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "VULMON",
"id": "CVE-2021-27178"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27178",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11353",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27178",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"id": "VAR-202102-1421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
}
]
},
"last_update_date": "2024-11-23T22:54:54.196000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "FiberHome HG6245D devices Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142618"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#system-credentials-clear-text-nvram"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27178"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/312.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"date": "2021-02-10T19:15:15.510000",
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11353"
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27178"
},
{
"date": "2021-10-26T06:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-003396"
},
{
"date": "2021-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-999"
},
{
"date": "2024-11-21T05:57:29.880000",
"db": "NVD",
"id": "CVE-2021-27178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in plaintext storage of important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003396"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-999"
}
],
"trust": 0.6
}
}
VAR-202102-1377
Vulnerability from variot - Updated: 2024-11-23 22:51An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"cve": "CVE-2021-27146",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27146",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11331",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27146",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27146",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27146",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27146",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11331",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-951",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27146"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNVD",
"id": "CNVD-2021-11331"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27146",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11331",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"id": "VAR-202102-1377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
}
]
},
"last_update_date": "2024-11-23T22:51:07.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142281"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27146"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"date": "2021-02-10T19:15:13.167000",
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11331"
},
{
"date": "2021-10-22T06:36:00",
"db": "JVNDB",
"id": "JVNDB-2021-003335"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-951"
},
{
"date": "2024-11-21T05:57:24.693000",
"db": "NVD",
"id": "CVE-2021-27146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003335"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-951"
}
],
"trust": 0.6
}
}
VAR-202102-1375
Vulnerability from variot - Updated: 2024-11-23 22:47An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1375",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"cve": "CVE-2021-27144",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27144",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11329",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27144",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27144",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27144",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27144",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11329",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-954",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27144"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNVD",
"id": "CNVD-2021-11329"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27144",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11329",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"id": "VAR-202102-1375",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
}
]
},
"last_update_date": "2024-11-23T22:47:41.683000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142284"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27144"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"date": "2021-02-10T19:15:13.010000",
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11329"
},
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003579"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-954"
},
{
"date": "2024-11-21T05:57:24.377000",
"db": "NVD",
"id": "CVE-2021-27144"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-954"
}
],
"trust": 0.6
}
}
VAR-202102-1396
Vulnerability from variot - Updated: 2024-11-23 22:47An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function.
There is a trust management vulnerability in FiberHome HG6245D devices. Attackers can use this vulnerability to attack the affected components using default passwords or hard-coded passwords, hard-coded certificates, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d devices",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"cve": "CVE-2021-27165",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27165",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18380",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27165",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27165",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27165",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27165",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-18380",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-933",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tcp can be abused with the gpon/gpon credentials. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function. \n\r\n\r\nThere is a trust management vulnerability in FiberHome HG6245D devices. Attackers can use this vulnerability to attack the affected components using default passwords or hard-coded passwords, hard-coded certificates, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27165"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNVD",
"id": "CNVD-2021-18380"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27165",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18380",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"id": "VAR-202102-1396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
}
],
"trust": 1.39822108
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
}
]
},
"last_update_date": "2024-11-23T22:47:41.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Patch for FiberHome HG6245D devices trust management issue vulnerability (CNVD-2021-18380)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253631"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142267"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-linux-hardcoded-credentials"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27165"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"date": "2021-02-10T19:15:14.620000",
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18380"
},
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003580"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-933"
},
{
"date": "2024-11-21T05:57:27.407000",
"db": "NVD",
"id": "CVE-2021-27165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003580"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-933"
}
],
"trust": 0.6
}
}
VAR-202102-1417
Vulnerability from variot - Updated: 2024-11-23 22:47An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome.
The wifi_custom.cfg in FiberHome HG6245D has a security vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1417",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"cve": "CVE-2021-27174",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27174",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11349",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27174",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27174",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27174",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27174",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-11349",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-1003",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext passwords and 0644 permissions. FiberHome HG6245D A device contains a vulnerability in the plaintext storage of important information.Information may be obtained. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nThe wifi_custom.cfg in FiberHome HG6245D has a security vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27174"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNVD",
"id": "CNVD-2021-11349"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27174",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11349",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"id": "VAR-202102-1417",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
}
]
},
"last_update_date": "2024-11-23T22:47:41.632000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for default configuration problems",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142326"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#system-credentials-clear-text-files"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27174"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"date": "2021-02-10T19:15:15.247000",
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11349"
},
{
"date": "2021-10-26T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-003402"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-1003"
},
{
"date": "2024-11-21T05:57:28.680000",
"db": "NVD",
"id": "CVE-2021-27174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in plaintext storage of important information on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003402"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Default configuration problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-1003"
}
],
"trust": 0.6
}
}
VAR-202102-1372
Vulnerability from variot - Updated: 2024-11-23 22:44An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.). FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"cve": "CVE-2021-27141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27141",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27141",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27141",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27141",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27141",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-958",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*\u0026^#@$a2s0i3g key. (The webs binary has details on how XOR is used.). FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27141"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27141",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003577",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"id": "VAR-202102-1372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.59644216
},
"last_update_date": "2024-11-23T22:44:15.846000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142288"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-decryption-algorithm"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27141"
},
{
"trust": 0.6,
"url": "httpd-decryption-algorithm"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"date": "2021-02-10T19:15:12.807000",
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003577"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-958"
},
{
"date": "2024-11-21T05:57:23.870000",
"db": "NVD",
"id": "CVE-2021-27141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003577"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-958"
}
],
"trust": 0.6
}
}
VAR-202102-1393
Vulnerability from variot - Updated: 2024-11-23 22:44An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"cve": "CVE-2021-27162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11346",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27162",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27162",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27162",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27162",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11346",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-938",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / tattoo@home credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27162"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNVD",
"id": "CNVD-2021-11346"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27162",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11346",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"id": "VAR-202102-1393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
}
]
},
"last_update_date": "2024-11-23T22:44:15.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142270"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27162"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"date": "2021-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"date": "2021-02-10T19:15:14.463000",
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11346"
},
{
"date": "2021-10-21T07:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-003248"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-938"
},
{
"date": "2024-11-21T05:57:26.997000",
"db": "NVD",
"id": "CVE-2021-27162"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003248"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-938"
}
],
"trust": 0.6
}
}
VAR-202102-1414
Vulnerability from variot - Updated: 2024-11-23 22:44An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell). FiberHome HG6245D The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function.
A buffer overflow vulnerability exists in FiberHome HG6245D devices, which can be exploited by attackers to cause buffer overflow or heap overflow
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1414",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d devices",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"cve": "CVE-2021-27171",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18376",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27171",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27171",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27171",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27171",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-18376",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-988",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell). FiberHome HG6245D The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function. \n\r\n\r\nA buffer overflow vulnerability exists in FiberHome HG6245D devices, which can be exploited by attackers to cause buffer overflow or heap overflow",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27171"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNVD",
"id": "CNVD-2021-18376"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27171",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18376",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"id": "VAR-202102-1414",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
}
],
"trust": 1.39822108
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
}
]
},
"last_update_date": "2024-11-23T22:44:15.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Patch for FiberHome HG6245D devices buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253656"
},
{
"title": "Fiber Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142314"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-cli-privilege-escalation"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27171"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"date": "2021-02-10T19:15:15.057000",
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18376"
},
{
"date": "2021-10-26T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2021-003399"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-988"
},
{
"date": "2024-11-21T05:57:28.250000",
"db": "NVD",
"id": "CVE-2021-27171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Out-of-bounds write vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003399"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-988"
}
],
"trust": 0.6
}
}
VAR-202102-1388
Vulnerability from variot - Updated: 2024-11-23 22:40An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"cve": "CVE-2021-27157",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27157",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11341",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27157",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27157",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27157",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27157",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11341",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-941",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27157"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11341"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27157",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11341",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"id": "VAR-202102-1388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
}
]
},
"last_update_date": "2024-11-23T22:40:46.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142273"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27157"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"date": "2021-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"date": "2021-02-10T19:15:13.980000",
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11341"
},
{
"date": "2021-10-21T08:35:00",
"db": "JVNDB",
"id": "JVNDB-2021-003253"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-941"
},
{
"date": "2024-11-21T05:57:26.247000",
"db": "NVD",
"id": "CVE-2021-27157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-941"
}
],
"trust": 0.6
}
}
VAR-202102-1409
Vulnerability from variot - Updated: 2024-11-23 22:40An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function.
There is a trust management vulnerability in FiberHome HG6245D devices. Attackers can use this vulnerability to attack the affected components using default passwords or hard-coded passwords, hard-coded certificates, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1409",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d devices",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"cve": "CVE-2021-27166",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27166",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-18374",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27166",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27166",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27166",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27166",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-18374",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-994",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. FiberHome HG6245D devices is a router of China FiberHome. Provide network connectivity function. \n\r\n\r\nThere is a trust management vulnerability in FiberHome HG6245D devices. Attackers can use this vulnerability to attack the affected components using default passwords or hard-coded passwords, hard-coded certificates, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27166"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNVD",
"id": "CNVD-2021-18374"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27166",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-18374",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"id": "VAR-202102-1409",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
}
],
"trust": 1.39822108
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
}
]
},
"last_update_date": "2024-11-23T22:40:46.852000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Patch for FiberHome HG6245D devices trust management issue vulnerability (CNVD-2021-18374)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/253666"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet-linux-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27166"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#telnet"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"date": "2021-10-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"date": "2021-02-10T19:15:14.683000",
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-18374"
},
{
"date": "2021-10-26T08:50:00",
"db": "JVNDB",
"id": "JVNDB-2021-003423"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-994"
},
{
"date": "2024-11-21T05:57:27.550000",
"db": "NVD",
"id": "CVE-2021-27166"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003423"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-994"
}
],
"trust": 0.6
}
}
VAR-202102-1370
Vulnerability from variot - Updated: 2024-11-23 22:37An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. FiberHome HG6245D An unspecified vulnerability exists in the device.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"cve": "CVE-2021-27139",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27139",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27139",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27139",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27139",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-27139",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-960",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. FiberHome HG6245D An unspecified vulnerability exists in the device.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27139"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27139",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003575",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"id": "VAR-202102-1370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.59644216
},
"last_update_date": "2024-11-23T22:37:04.521000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142290"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-infoleak"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27139"
},
{
"trust": 0.6,
"url": "httpd-infoleak"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"date": "2021-02-10T19:15:12.653000",
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-10-28T07:38:00",
"db": "JVNDB",
"id": "JVNDB-2021-003575"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-960"
},
{
"date": "2024-11-21T05:57:23.577000",
"db": "NVD",
"id": "CVE-2021-27139"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003575"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-960"
}
],
"trust": 0.6
}
}
VAR-202102-1391
Vulnerability from variot - Updated: 2024-11-23 22:37An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1391",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"cve": "CVE-2021-27160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27160",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11344",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27160",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27160",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27160",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27160",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11344",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-937",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27160"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNVD",
"id": "CNVD-2021-11344"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27160",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11344",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"id": "VAR-202102-1391",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
}
]
},
"last_update_date": "2024-11-23T22:37:04.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "FiberHome HG6245D Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142606"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27160"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"date": "2021-10-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"date": "2021-02-10T19:15:14.183000",
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11344"
},
{
"date": "2021-10-21T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2021-003250"
},
{
"date": "2021-02-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-937"
},
{
"date": "2024-11-21T05:57:26.700000",
"db": "NVD",
"id": "CVE-2021-27160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003250"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-937"
}
],
"trust": 0.6
}
}
VAR-202102-1379
Vulnerability from variot - Updated: 2024-11-23 22:33An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1379",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"cve": "CVE-2021-27148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27148",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11333",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27148",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27148",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27148",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27148",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11333",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-953",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2021-27148",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "VULMON",
"id": "CVE-2021-27148"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27148",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11333",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27148",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"id": "VAR-202102-1379",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
}
]
},
"last_update_date": "2024-11-23T22:33:07.462000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142283"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27148"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"date": "2021-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"date": "2021-02-10T19:15:13.293000",
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11333"
},
{
"date": "2021-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27148"
},
{
"date": "2021-10-22T06:27:00",
"db": "JVNDB",
"id": "JVNDB-2021-003333"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-953"
},
{
"date": "2024-11-21T05:57:24.983000",
"db": "NVD",
"id": "CVE-2021-27148"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-953"
}
],
"trust": 0.6
}
}
VAR-202102-1381
Vulnerability from variot - Updated: 2024-11-23 22:33An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"cve": "CVE-2021-27150",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27150",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11335",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27150",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27150",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27150",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27150",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11335",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-949",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27150"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNVD",
"id": "CNVD-2021-11335"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27150",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11335",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"id": "VAR-202102-1381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
}
]
},
"last_update_date": "2024-11-23T22:33:07.438000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142280"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27150"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"date": "2021-02-10T19:15:13.433000",
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11335"
},
{
"date": "2021-10-22T05:56:00",
"db": "JVNDB",
"id": "JVNDB-2021-003331"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-949"
},
{
"date": "2024-11-21T05:57:25.263000",
"db": "NVD",
"id": "CVE-2021-27150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003331"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-949"
}
],
"trust": 0.6
}
}
VAR-202102-1385
Vulnerability from variot - Updated: 2024-11-23 22:29An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"cve": "CVE-2021-27154",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27154",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11339",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27154",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27154",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27154",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27154",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11339",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-943",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27154"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNVD",
"id": "CNVD-2021-11339"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27154",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11339",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"id": "VAR-202102-1385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
}
]
},
"last_update_date": "2024-11-23T22:29:18.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142275"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27154"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"date": "2021-02-10T19:15:13.777000",
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11339"
},
{
"date": "2021-10-22T05:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-003301"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-943"
},
{
"date": "2024-11-21T05:57:25.830000",
"db": "NVD",
"id": "CVE-2021-27154"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003301"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-943"
}
],
"trust": 0.6
}
}
VAR-202102-1382
Vulnerability from variot - Updated: 2024-11-23 22:25An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"cve": "CVE-2021-27151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11336",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27151",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27151",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27151",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27151",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11336",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-947",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27151"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNVD",
"id": "CNVD-2021-11336"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27151",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11336",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"id": "VAR-202102-1382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
}
]
},
"last_update_date": "2024-11-23T22:25:10.737000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142278"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27151"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"date": "2021-02-10T19:15:13.557000",
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11336"
},
{
"date": "2021-10-22T05:31:00",
"db": "JVNDB",
"id": "JVNDB-2021-003330"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-947"
},
{
"date": "2024-11-21T05:57:25.410000",
"db": "NVD",
"id": "CVE-2021-27151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003330"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-947"
}
],
"trust": 0.6
}
}
VAR-202102-1378
Vulnerability from variot - Updated: 2024-11-23 22:20An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome.
FiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hg6245d",
"scope": "lte",
"trust": 1.0,
"vendor": "fiberhome",
"version": "rp2613"
},
{
"model": "hg6245d",
"scope": "eq",
"trust": 0.8,
"vendor": "fiberhome group",
"version": null
},
{
"model": "hg6245d",
"scope": "lte",
"trust": 0.8,
"vendor": "fiberhome group",
"version": "hg6245d firmware rp2613 until"
},
{
"model": "hg6245d",
"scope": null,
"trust": 0.6,
"vendor": "fiberhome",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"cve": "CVE-2021-27147",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-27147",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-11332",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-27147",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-27147",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27147",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-27147",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2021-11332",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-955",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP. FiberHome HG6245D A device contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. HG6245D is a FTTH ONT router launched by FiberHome. \n\r\n\r\nFiberHome HG6245D has a hard-coded credential vulnerability. No detailed vulnerability details are currently provided",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27147"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNVD",
"id": "CNVD-2021-11332"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27147",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-11332",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"id": "VAR-202102-1378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
}
],
"trust": 1.1964421600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
}
]
},
"last_update_date": "2024-11-23T22:20:51.971000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "http://www.fiberhome.com/default.aspx"
},
{
"title": "Fiber Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=142285"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "Using hardcoded credentials (CWE-798) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-hardcoded-credentials"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27147"
},
{
"trust": 0.6,
"url": "httpd-hardcoded-credentials"
},
{
"trust": 0.6,
"url": "https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"date": "2021-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"date": "2021-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"date": "2021-02-10T19:15:13.213000",
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11332"
},
{
"date": "2021-10-22T06:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-003334"
},
{
"date": "2021-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-955"
},
{
"date": "2024-11-21T05:57:24.833000",
"db": "NVD",
"id": "CVE-2021-27147"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FiberHome\u00a0HG6245D\u00a0 Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-955"
}
],
"trust": 0.6
}
}