CVE-2025-29525 in PON ONU H660WM OSinfo

Summary

by MITRE • 08/26/2025

DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 08/26/2025

The vulnerability identified as CVE-2025-29525 represents a critical security flaw in the DASAN GPON ONU H660WM modem, specifically affecting firmware version H660WMR210825 and hardware version DS-E5-583-A1. This issue manifests through the presence of hardcoded default administrative credentials within the device's web-based management interface, creating an immediate and severe security risk for network administrators and end users who deploy these modems in residential and enterprise environments. The default credentials are typically embedded within the device firmware during manufacturing, allowing unauthorized parties to gain immediate administrative access without requiring any additional authentication steps or knowledge of network configurations.

The technical exploitation of this vulnerability occurs through the modem's control panel interface, which is accessible via standard web protocols over the local network. Attackers can leverage these default credentials to bypass normal authentication mechanisms and assume full administrative privileges on the device. This level of access enables malicious actors to modify network configurations, disable security features, redirect traffic, install unauthorized firmware, or use the device as a pivot point for further attacks within the local network. The vulnerability directly maps to CWE-798, which classifies the use of hard-coded credentials as a significant security weakness, and aligns with ATT&CK technique T1078.004 which covers legitimate credentials used for lateral movement and privilege escalation.

The operational impact of this vulnerability extends beyond immediate device compromise, as it creates persistent security risks for entire network infrastructures. When deployed in residential gateway configurations, these modems often serve as the primary entry point for home networks, making them attractive targets for cybercriminals seeking to establish persistent access to private networks. The vulnerability affects not only individual devices but also represents a systemic risk across large deployments where thousands of similar modems may be running with identical default credentials. Network administrators who are unaware of this vulnerability may inadvertently leave their networks exposed to attacks that could result in data breaches, network disruption, or the establishment of botnet command and control channels. The issue is particularly concerning given that many users never change the default administrative passwords, creating a widespread attack surface that requires immediate remediation.

Mitigation strategies for CVE-2025-29525 must include immediate credential changes for all affected devices, with administrators changing default administrative passwords to strong, unique credentials that meet industry standards for password complexity. Network segmentation and access control measures should be implemented to limit the potential impact of device compromise, including the deployment of firewalls and network access control lists that restrict access to the modem management interfaces. Security monitoring should be enhanced to detect unauthorized access attempts and configuration changes, with regular vulnerability scanning of deployed networks to identify other potentially affected devices. Device firmware should be updated to versions that address this specific vulnerability, though many users may not be aware of these updates or may not have mechanisms in place to automatically apply security patches. Organizations should implement comprehensive device inventory management to track all deployed modems and ensure that security updates are applied across their entire network infrastructure. The vulnerability also underscores the importance of secure configuration management practices and the need for organizations to establish policies that require regular security assessments of network infrastructure components.

Responsible

MITRE

Reservation

03/11/2025

Disclosure

08/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00270

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!