CVE Tools

fiberhome

Hardware FirmwareCNcommercial

50

Cumulative CVEs

4

Monthly snapshots

#16

Peak rank

Top products

an5506-01a onu gpon4 an5506-01-a firmware3 an5506-01a firmware1

Latest CVEs

The 15 most recently published vulnerabilities affecting fiberhome.

CVE-2025-63353A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwo...9.8Nov 12, 2025
CVE-2025-1616FiberHome AN5506-01A ONU GPON Diagnosis os command injection4.7Feb 24, 2025
CVE-2025-1615FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting2.4Feb 24, 2025
CVE-2025-1614FiberHome AN5506-01A ONU GPON Port Forwarding Submenu portForwardingCfg cross site scripting2.4Feb 24, 2025
CVE-2025-1613FiberHome AN5506-01A ONU GPON URL Filtering Submenu URL_filterCfg cross site scripting2.4Feb 24, 2025
CVE-2022-38814A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inj...5.4Sep 15, 2022
CVE-2022-36200In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed.7.5Aug 29, 2022
CVE-2021-41946In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to th...5.4May 18, 2022
CVE-2021-42912FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the r...8.8Dec 16, 2021
CVE-2021-27139An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp.7.5Feb 10, 2021
CVE-2021-27140An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs.7.5Feb 10, 2021
CVE-2021-27141An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. ...9.8Feb 10, 2021
CVE-2021-27142An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions.7.5Feb 10, 2021
CVE-2021-27143An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP.9.8Feb 10, 2021
CVE-2021-27144An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP.9.8Feb 10, 2021