CVE-2025-54083 in GigaCenter ONT
Summary
by MITRE • 09/10/2025
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
Analysis
by VulDB Data Team • 09/10/2025
The vulnerability CVE-2025-54083 represents a critical insecure storage of sensitive information flaw within Calix GigaCenter ONT devices utilizing Quantenna SoC modules. This weakness specifically impacts the web interface authentication mechanism, creating a significant security risk for network administrators and system operators. The vulnerability manifests in the improper handling of administrative credentials and sensitive session data, which are stored in an insecure manner that allows unauthorized access to the device management interface. The affected models include the 844E, 844G, 844GE, and 854GE variants, indicating this is a widespread issue affecting multiple generations of the GigaCenter ONT platform. This vulnerability falls under CWE-312 (Cleartext Storage of Sensitive Information) and aligns with ATT&CK techniques T1566 (Phishing) and T1078 (Valid Accounts), as it enables unauthorized access through compromised administrative credentials.
The technical implementation of this vulnerability stems from the device's failure to properly encrypt or obfuscate sensitive data during storage operations. When administrators access the web interface, the system stores authentication tokens, session identifiers, and potentially administrative credentials in plaintext or using weak encryption methods. The Quantenna SoC architecture, while providing robust networking capabilities, does not adequately protect sensitive information at rest within the device's memory or storage components. This insecure storage pattern allows an attacker with physical access to the device, or one capable of intercepting network traffic, to extract administrative credentials and gain full control over the ONT device. The vulnerability is particularly concerning because it bypasses normal authentication mechanisms and provides direct administrative access without requiring additional exploitation techniques.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it fundamentally compromises the security posture of the entire network infrastructure that relies on these ONT devices. Network administrators who manage multiple GigaCenter ONT units across their deployments face significant risk of credential compromise, which could lead to complete network takeover. The vulnerability enables attackers to modify device configurations, redirect traffic, implement man-in-the-middle attacks, or establish persistent backdoors within the network. Additionally, the compromised devices can serve as launching points for further attacks against internal network resources, making this vulnerability a critical threat vector for organizations relying on these devices for fiber-to-the-home or enterprise connectivity solutions. The risk is amplified by the fact that these devices often operate in unattended locations, making physical access more feasible for determined attackers.
Mitigation strategies for CVE-2025-54083 should prioritize immediate deployment of firmware updates from Calix to address the insecure storage implementation. Organizations must implement network segmentation to isolate these devices from critical infrastructure and establish monitoring for unauthorized access attempts. Security teams should conduct comprehensive credential rotation across all affected devices, ensuring that administrative accounts are changed immediately upon patch deployment. Network administrators should also implement additional authentication layers such as two-factor authentication where possible, and establish strict access controls limiting administrative privileges to only necessary personnel. The vulnerability demonstrates the critical importance of secure credential management in embedded systems and reinforces the need for robust encryption practices in all storage operations. Organizations should also consider implementing network monitoring solutions specifically designed to detect anomalous access patterns to network infrastructure devices, as this vulnerability can enable stealthy long-term access without detection.