Published: 2025/07/31 Last Updated: 2025/07/31
JVN#66546573
ZXHN-F660T and ZXHN-F660A use a common credential for all installations
Overview
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. use a common credential for all installations.
Products Affected
- ZXHN-F660T firmware versions prior to V1.0.10P17N4
- ZXHN-F660A firmware versions prior to V1.0.10P14N4
Description
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan. K.K. are ONUs (Optical Network Units).
ZXHN-F660T and ZXHN-F660A contain the following vulnerability.
- Use of a common credential for all installations (CWE-1391)
- CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7
- CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
- CVE-2025-53558
Impact
With the knowledge of the credential, an attacker may log in to the affected devices.
Solution
Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
The fixed firmware invalidates the common credential.
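Added example, not part of the advisory or of any vendor tooling: a small inventory check that flags devices still running firmware older than the fixed versions listed under Products Affected. It assumes the version string has the layout V<a>.<b>.<c>P<n>N<m> and that each field orders numerically; the host names and the sample inventory are constructed.

```python
import re

# Fixed firmware versions taken from the "Products Affected" list of this advisory.
FIXED = {
    "ZXHN-F660T": "V1.0.10P17N4",
    "ZXHN-F660A": "V1.0.10P14N4",
}

# Assumed layout: V<a>.<b>.<c>P<n>N<m>, compared field by field as integers
# (a plain string comparison would wrongly rank P9 above P14).
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)P(\d+)N(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Return the version as a tuple of ints, or None if it does not match the assumed layout."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(model, firmware):
    """Return 'affected', 'fixed', 'not-listed' or 'unknown-version' for one device."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    current = parse_version(firmware)
    if current is None:
        # Unparseable strings are surfaced for manual review instead of being guessed.
        return "unknown-version"
    return "affected" if current < parse_version(fixed) else "fixed"


def triage(inventory):
    """Map each (host, model, firmware) row to its classification."""
    return {host: classify(model, fw) for host, model, fw in inventory}


# Constructed sample inventory (host names and firmware strings are made up).
SAMPLE_INVENTORY = [
    ("onu-01", "ZXHN-F660T", "V1.0.10P17N3"),
    ("onu-02", "ZXHN-F660T", "V1.0.10P17N4"),
    ("onu-03", "ZXHN-F660A", "V1.0.10P9N4"),
    ("onu-04", "ZXHN-F660A", "V1.0.10P14N5"),
    ("onu-05", "ZXHN-F660A", "unknown"),
    ("onu-06", "OTHER-MODEL", "V2.0.0P1N1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as unknown-version should be checked by hand against the developer's update information.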
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Yuuki Miyata of YuukiJapanTech reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
- CVE: CVE-2025-53558
- JVN iPedia: JVNDB-2025-000055