CVE-2021-27153
published 2021-02-10CVE-2021-27153: An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.
PriorityP276critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
20.49%
97.2th percentile
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bluez | bluez | >= 0 < 5.48-0ubuntu3.5 | 5.48-0ubuntu3.5 |
| bluez | bluez | >= 0 < 5.53-0ubuntu3.2 | 5.53-0ubuntu3.2 |
| fiberhome | hg6245d_firmware | <= rp2613 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv4.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pjfv-c533-56m2: An issue was discovered on FiberHome HG6245D devices through RP2613
ghsa_unreviewed·2022-05-24
CVE-2021-27153 [CRITICAL] CWE-798 GHSA-pjfv-c533-56m2: An issue was discovered on FiberHome HG6245D devices through RP2613
An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.
OSV
bluez vulnerabilities
osv·2021-06-16·CVSS 4.2
CVE-2020-26558 bluez vulnerabilities
bluez vulnerabilities
It was discovered that BlueZ incorrectly checked certain permissions when
pairing. A local attacker could possibly use this issue to impersonate
devices. (CVE-2020-26558)
Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT
events. A local attacker could use this issue to cause BlueZ to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-27153)
Ziming Zhang discovered that BlueZ incorrectly handled certain array
indexes. A local attacker could use this issue to cause BlueZ to crash,
resulting in a denial of service, or possibly obtain sensitive information.
This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-3588)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-02-10
Published