Published: 2025/07/31  Last Updated: 2025/07/31

JVN#66546573
ZXHN-F660T and ZXHN-F660A use a common credential for all installations

Overview

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. use a common credential for all installations.

Products Affected

  • ZXHN-F660T firmware versions prior to V1.0.10P17N4
  • ZXHN-F660A firmware versions prior to V1.0.10P14N4

Description

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONUs (Optical Network Units).
ZXHN-F660T and ZXHN-F660A contain the following vulnerability.

  • Use of a common credential for all installations (CWE-1391)
    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2025-53558

Impact

With the knowledge of the credential, an attacker may log in to the affected devices.

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
The fixed firmware invalidates the common credential.
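
To find units that still run firmware older than the fixed releases listed under Products Affected, an inventory check along the following lines can be used. This is an added example, not code from the developer or from JVN. It assumes the version string has the form V<a>.<b>.<c>P<p>N<n> and orders numerically field by field, which the advisory does not define. The inventory records are constructed.

```python
import re

# Fixed firmware versions, taken from "Products Affected" in this advisory.
FIXED = {
    "ZXHN-F660T": "V1.0.10P17N4",
    "ZXHN-F660A": "V1.0.10P14N4",
}

# Assumption: versions look like V<a>.<b>.<c>P<p>N<n> and compare numerically,
# field by field (so P9 < P17, which a plain string comparison gets wrong).
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)P(\d+)N(\d+)$", re.IGNORECASE)

def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def assess(model, firmware):
    """Classify a device: 'vulnerable', 'fixed', 'unknown' or 'not-affected'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-affected"      # model is not listed in the advisory
    current = parse_version(firmware)
    if current is None:
        return "unknown"           # unparseable version: check the unit by hand
    return "vulnerable" if current < parse_version(fixed) else "fixed"

def audit(inventory):
    """Return (host, model, firmware, status) for devices needing attention."""
    findings = []
    for host, model, firmware in inventory:
        status = assess(model, firmware)
        if status in ("vulnerable", "unknown"):
            findings.append((host, model, firmware, status))
    return findings

# Constructed sample inventory; hostnames, versions and EXAMPLE-ONU are made up.
SAMPLE_INVENTORY = [
    ("onu-01", "ZXHN-F660T", "V1.0.10P17N4"),
    ("onu-02", "ZXHN-F660T", "V1.0.10P9N4"),
    ("onu-03", "ZXHN-F660A", "V1.0.10P14N3"),
    ("onu-04", "ZXHN-F660A", "unreadable"),
    ("onu-05", "EXAMPLE-ONU", "V1.0.10P1N1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Units reported as unknown should be treated as unpatched until their firmware version has been confirmed.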

Vendor Status

Vendor | Status | Last Update | Vendor Notes
ZTE Japan. K.K. | Vulnerable | 2025/07/31 |

Credit

Yuuki Miyata of YuukiJapanTech reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2025-53558
JVN iPedia: JVNDB-2025-000055