CVE-2025-63353

CRITICAL

FiberHome GPON ONU HG6145F1 RP4423 - Info Disclosure

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-63353. PoCs published by hanianis, 0xA1M, Zvckster.

Description

A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.

Exploits (4)

nomisec WRITEUP 4 stars
by hanianis · poc
https://github.com/hanianis/CVE-2025-63353

The repository describes a vulnerability in FiberHome GPON ONU HG6145F1 RP4423 where the default Wi-Fi password can be predicted from the SSID. However, it lacks exploit code or technical details, making it a minimal writeup.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: FiberHome GPON ONU HG6145F1 RP4423
No auth needed
Prerequisites: knowledge of the SSID
devstral-2 · analyzed Apr 09, 2026

nomisec WORKING POC 2 stars
by 0xA1M · poc
https://github.com/0xA1M/CVE-2025-63353

This PoC demonstrates a predictable Wi-Fi password vulnerability in FiberHome GPON ONU devices, where the default password can be derived from the SSID using a deterministic algorithm. The tool scans nearby Wi-Fi networks and calculates the corresponding passwords for vulnerable devices.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: FiberHome GPON ONU HG6145F1 RP4423
No auth needed
Prerequisites: Wi-Fi network visibility · Go 1.25.4 or higher · Network adapter with monitor mode capabilities
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by Zvckster · python · poc
https://github.com/Zvckster/CVE-2025-63353

This repository contains functional exploit code demonstrating CVE-2025-63353, a predictable default Wi-Fi PSK vulnerability in FiberHome HG6145F1 devices. The PoC derives the default PSK from the SSID using a deterministic algorithm.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: FiberHome HG6145F1 RP4423 GPON ONT
No auth needed
Prerequisites: SSID of the target device
devstral-2 · analyzed May 26, 2026

nomisec WORKING POC
by r0otk3r · poc
https://github.com/r0otk3r/CVE-2025-63353

This repository contains a functional Python script that exploits CVE-2025-63353, a deterministic password generation flaw in FiberHome HG6145F1 routers. The script calculates the default WPA/WPA2 password from the SSID using a simple hexadecimal subtraction formula.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: FiberHome HG6145F1 (RP4423) routers
No auth needed
Prerequisites: SSID of the target FiberHome router
devstral-2 · analyzed Apr 10, 2026

Scores

CVSS v3 9.8
EPSS 0.0084
EPSS Percentile 75.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-284
Status published
Products (1)
fiberhome/hg6145f1_firmware rp4423
Published Nov 12, 2025
Tracked Since Feb 18, 2026