← back
CVE-2025-53558

CVE-2025-53558

CVSS 8.7 HIGHEPSS 1.3%CWE-1391
In short

ZTE routers (ZXHN-F660T and ZXHN-F660A) come with the same default login credentials for all units. An attacker who knows these credentials can access and control any of these devices.

Technical detail

The affected ZTE router models use hardcoded or unchangeable default credentials across all installations, allowing unauthenticated remote attackers to gain administrative access via the management interface. This enables complete device compromise including configuration modification, traffic interception, and potential lateral network movement.

Summary generated and translated by AI from the official description.
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices.
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ZTE Japan. K.K. · ZXHN-F660AZTE Japan. K.K. · ZXHN-F660T

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN66546573/