CVE-2021-27141
First published: Wed Feb 10 2021(Updated: )
An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fiberhome Hg6245d Firmware | <=rp2613 | |
| FiberHome HG6245D |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-27141.
What is the severity of CVE-2021-27141?
CVE-2021-27141 has a severity level of 9.8 (Critical).
Which devices are affected by CVE-2021-27141?
FiberHome HG6245D devices through RP2613 are affected by CVE-2021-27141.
How are the credentials obfuscated in this vulnerability?
In this vulnerability, the credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key.
Is there a fix available for CVE-2021-27141?
There is currently no information available regarding a fix for CVE-2021-27141.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/fiberhome
- canonical/fiberhome hg6245d firmware
- version/fiberhome hg6245d firmware/rp2613
- canonical/fiberhome hg6245d