CVE-2021-27152
Description
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FiberHome HG6245D devices through RP2613 contain hardcoded ISP credentials 'awnfibre / fibre@dm!n' in the web daemon, allowing unauthorized administrative access.
Vulnerability
FiberHome HG6245D devices with firmware versions up to RP2613 have the hardcoded credentials awnfibre / fibre@dm!n embedded in the web daemon. These credentials are intended for ISP use but are stored in plaintext and can be used for authentication to the web interface [1].
Exploitation
An attacker with network access to the device (default LAN on IPv4, or potentially WAN if IPv6 is enabled) can log into the web interface using awnfibre as username and fibre@dm!n as password. No authentication bypass or prior knowledge is required [1].
Impact
Successful authentication grants full administrative privileges via the web interface, allowing an attacker to change settings, view sensitive information, enable telnet, and achieve remote code execution as root. The device can be fully compromised [1].
Mitigation
No official fix has been released as of the advisory date (February 2021); the latest tested firmware RP2613 remains vulnerable. Mitigations include restricting network access to the device, disabling IPv6 to prevent WAN attacks, and monitoring for future firmware updates from FiberHome [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- FiberHome/HG6245Ddescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- pierrekim.github.io/blog/2021-01-12-fiberhome-ont-0day-vulnerabilities.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.