CVE-2021-27141

Опубликовано: 10 фев. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)

Ссылки

https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-decryption-algorithm
Exploit
Third Party Advisory
https://pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.html#httpd-decryption-algorithm
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:fiberhome:hg6245d_firmware:*:*:*:*:*:*:*:*

Версия до rp2613 (включая)

cpe:2.3:h:fiberhome:hg6245d:-:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00681

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-f5rh-xqjc-3gc6

github

больше 3 лет назад

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)