CVE-2025-44178 in GPON ONU H660WM
Summary
by MITRE • 08/26/2025
DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any authentication.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 08/26/2025
The vulnerability identified as CVE-2025-44178 affects DASAN GPON ONU H660WM and H660WMR210825 devices, representing a critical access control flaw that undermines the security posture of network infrastructure equipment. This vulnerability resides within the default configuration settings of these optical network units, which are commonly deployed in residential and small business environments to provide fiber optic internet connectivity. The flaw manifests through the Universal Plug and Play protocol implementation on the WAN side interfaces, creating an unauthorized access vector that bypasses normal authentication mechanisms. The affected devices fail to properly enforce access controls for their management interfaces, allowing attackers to directly interact with sensitive configuration parameters and data streams through unauthenticated connections.
The technical exploitation of this vulnerability stems from improper implementation of access control mechanisms within the UPnP protocol stack of these devices. Specifically, the WAN side interfaces expose management functions and configuration parameters without requiring authentication credentials, creating a persistent backdoor that attackers can leverage to establish unauthorized control over the device. This misconfiguration allows for both information disclosure and configuration modification capabilities, enabling threat actors to extract sensitive data such as network credentials, device configuration details, and potentially gain insights into the broader network topology. The vulnerability operates at the network protocol level, making it particularly dangerous as it can be exploited remotely without requiring physical access or prior knowledge of valid credentials.
The operational impact of CVE-2025-44178 extends beyond simple unauthorized access, potentially enabling attackers to manipulate network configurations, redirect traffic, and establish persistent access points within the network infrastructure. This vulnerability creates a significant risk for network administrators as it allows adversaries to modify routing parameters, alter firewall rules, and potentially compromise the integrity of the entire GPON network segment. The default nature of this vulnerability means that devices deployed in production environments may remain exposed indefinitely unless manually configured to address the issue. Organizations relying on DASAN H660WM series equipment face potential data breaches, network disruption, and increased attack surface that could facilitate lateral movement within their infrastructure.
Mitigation strategies for this vulnerability should prioritize immediate configuration changes to disable unnecessary UPnP functionality on WAN interfaces and implement strict access controls for management interfaces. Network administrators should ensure that all affected devices are updated with the latest firmware releases from DASAN, which should include proper authentication enforcement for UPnP protocol handlers. The implementation of network segmentation and access control lists can help limit the exposure of these devices to unauthorized networks, while regular security audits should verify that default configurations have been properly modified. Organizations should also consider implementing network monitoring solutions to detect anomalous UPnP traffic patterns that may indicate exploitation attempts, aligning with industry best practices for securing network infrastructure devices. This vulnerability aligns with CWE-284 access control flaws and may be categorized under ATT&CK technique T1071.004 for application layer protocol usage, emphasizing the need for comprehensive network security controls to prevent unauthorized access to critical infrastructure components.