CVE-2025-63353
Published: 12 November 2025
Description
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
Mitigating Controls (NIST 800-53 r5)
IA-5 requires managing authenticators by changing factory default passwords and ensuring they are resistant to prediction, directly preventing unauthorized Wi-Fi access from SSID-derived passphrases.
AC-18 mandates authorization and cryptographic protections for wireless access, mitigating unauthorized connections enabled by predictable default Wi-Fi passwords.
CM-6 enforces secure baseline configuration settings, including changing default Wi-Fi passwords to non-deterministic values, addressing the device's deterministic passphrase generation.
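The IA-5 and CM-6 controls above come down to one engineering requirement: a factory passphrase must not be a function of anything the device broadcasts. The following is an added example written for this page, not code from FiberHome or from the referenced advisory; the device's actual derivation algorithm is not published here and is not reproduced. It contrasts a constructed, deliberately weak SSID-derived generator with one that draws the passphrase from the operating system's CSPRNG, and includes a small audit helper a firmware reviewer could run against any provisioning routine to detect SSID-determinism. The SSID value and function names are assumptions.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2 passphrases are 8..63 printable ASCII characters (codes 32..126).
# Space is excluded from the generation alphabet purely for usability.
PSK_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def is_valid_wpa2_passphrase(psk: str) -> bool:
    """Length and character-set check for a WPA/WPA2 pre-shared passphrase."""
    return 8 <= len(psk) <= 63 and all(32 <= ord(c) <= 126 for c in psk)


def weak_factory_psk(ssid: str) -> str:
    """CONSTRUCTED illustration of the weakness class only: the passphrase is a
    pure function of the SSID, so anyone who sees the SSID can recompute it.
    This is NOT the HG6145F1 algorithm, which this page does not disclose."""
    return hashlib.sha256(ssid.encode()).hexdigest()[:10]


def random_factory_psk(ssid: str, length: int = 20) -> str:
    """Hardened form: the SSID is accepted for interface compatibility but
    deliberately ignored; every byte of the passphrase comes from the CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases must be 8..63 characters")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(PSK_ALPHABET)) -> float:
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(alphabet_size)


def passphrase_depends_on_ssid(generator, ssid: str, trials: int = 8) -> bool:
    """Audit helper: provision the same SSID several times. A generator whose
    output is determined by the SSID returns one distinct value; a properly
    randomised one returns a different passphrase on every call."""
    outputs = {generator(ssid) for _ in range(trials)}
    return len(outputs) == 1


if __name__ == "__main__":
    ssid = "HG6145F1-EXAMPLE"  # constructed sample SSID
    for gen in (weak_factory_psk, random_factory_psk):
        print(f"{gen.__name__}: SSID-determined = {passphrase_depends_on_ssid(gen, ssid)}")
    print(f"20-char passphrase entropy: {entropy_bits(20):.1f} bits")
```

The audit helper is a black-box test, so it can wrap any provisioning routine a reviewer has access to; a one-time seeded RNG that mixes in the SSID or MAC would also be flagged as long as the call is repeatable. A 20-character passphrase from a 94-symbol alphabet carries roughly 131 bits of entropy, well beyond what offline WPA2 handshake cracking can search, which is the property IA-5 asks for when it says authenticators must be resistant to prediction.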
Security Summary
CVE-2025-63353 is a vulnerability in the FiberHome GPON ONU HG6145F1 RP4423 device, published on 2025-11-12. The issue stems from a deterministic algorithm used to generate the factory default Wi-Fi password (WPA/WPA2 pre-shared key), which is directly derived from the SSID. This allows the default password to be predicted solely by observing the SSID, without requiring authentication or user interaction. The vulnerability is rated with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-284 (Improper Access Control).
Any attacker within wireless range who can observe the SSID—such as through passive Wi-Fi scanning—can compute the default passphrase and connect to the network unauthorized. Successful exploitation grants full access to the Wi-Fi network, potentially enabling further compromise of connected devices or the router itself, depending on network configuration and default credentials.
Advisories and details are available in referenced sources, including a GitHub repository at https://github.com/hanianis/CVE-2025-63353 and a Medium article at https://medium.com/@hanianis.bouzid/fiberhome-gpon-onu-model-hg6145f1-router-predictable-wifi-passwords-and-real-risks-d8e54da385d3. No specific patch or mitigation guidance is detailed in the provided information.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability uses a deterministic algorithm to generate the factory default Wi-Fi password from the SSID, enabling unauthorized access via default accounts without authentication.