JVNDB-2025-000055

ZXHN-F660T and ZXHN-F660A use a common credential for all installations

Overview

ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. are ONUs (Optical Network Units).
ZXHN-F660T and ZXHN-F660A contain the following vulnerability.
  • Use a common credential for all installations (CWE-1391) - CVE-2025-53558

Yuuki Miyata of YuukiJapanTech reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


ZTE JAPAN K.K.
  • ZXHN-F660A firmware versions prior to V1.0.10P17N4
  • ZXHN-F660T firmware versions prior to V1.0.10P14N4

Impact

With the knowledge of the credential, an attacker may log in to the affected devices.
Solution

[Update the Firmware]
Update the firmware to the latest version according to the information provided by the developer.
The fixed firmware invalidates the common credential.
Vendor Information

ZTE JAPAN K.K.
CWE

  1. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2025-53558
References

  1. JVN : JVN#66546573
Revision History

  • [2025/07/31]
      Web page was published