CVE-2025-29525: n/a
DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.
AI Analysis
Technical Summary
CVE-2025-29525 is a medium-severity vulnerability identified in the DASAN GPON ONU H660WM device, specifically in OS version H660WMR210825 and hardware version DS-E5-583-A1. The vulnerability arises from the presence of insecure default credentials in the modem's control panel. This means that the device is shipped or configured with default usernames and passwords that are either well-known or easily guessable, and these credentials have not been changed by the end user or service provider. The vulnerability is classified under CWE-1392, which relates to the use of insecure default credentials. According to the CVSS v3.1 vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), the attack vector is network-based (remote), requires no privileges, no user interaction, and has low attack complexity. The impact is limited to confidentiality, with no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches or updates have been linked yet. The vulnerability allows an attacker with network access to the device to potentially gain unauthorized read-only access to certain information via the control panel, which could include configuration details or network-related data. However, the lack of impact on integrity or availability limits the scope of damage. The device affected is a GPON ONU (Gigabit-capable Passive Optical Network Optical Network Unit), a common type of fiber optic modem used by ISPs to provide broadband internet access to end users. This device is typically deployed in residential or small business environments to terminate fiber optic lines and provide network connectivity.
Potential Impact
For European organizations, the presence of insecure default credentials in widely deployed GPON ONU devices poses a risk primarily to confidentiality. Attackers who gain network access to these devices could harvest sensitive configuration information or network details, which could be leveraged for further attacks such as network reconnaissance or lateral movement. Although the vulnerability does not directly affect integrity or availability, the exposure of sensitive information could facilitate targeted attacks against organizational infrastructure. In environments where these devices are deployed at scale, such as ISPs serving European customers or enterprises using these modems for fiber connectivity, the risk is amplified. Additionally, compromised devices could be used as entry points into internal networks if proper network segmentation is not enforced. Because the CVSS vector requires no prior privileges and no user interaction (PR:N, UI:N), exploitation is easier for remote attackers with network access. However, the medium severity rating reflects the limited scope of impact. The absence of known exploits in the wild suggests that exploitation is not yet widespread, but the vulnerability should be addressed proactively to prevent potential abuse.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations and ISPs should take the following specific actions:
1) Immediately audit all DASAN GPON ONU H660WM devices in their networks to identify units running the affected OS and hardware versions.
2) Change all default credentials on these devices to strong, unique passwords that comply with organizational password policies.
3) Implement network segmentation to isolate GPON ONU devices from critical internal systems, limiting the potential impact of any compromise.
4) Restrict management interface access to trusted IP addresses or management VLANs only, preventing unauthorized remote access.
5) Monitor network traffic for unusual access patterns or attempts to connect to the control panel interfaces of these devices.
6) Engage with DASAN or device vendors to obtain firmware updates or patches addressing this vulnerability once available, and plan for timely deployment.
7) Educate network administrators and field technicians about the risks of default credentials and enforce procedures to change them during device provisioning.
8) Consider deploying intrusion detection or prevention systems capable of identifying attempts to exploit default credential vulnerabilities on network devices.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68ac778cad5a09ad004c7856
Added to database: 8/25/2025, 2:47:40 PM
Last enriched: 9/2/2025, 1:07:02 AM
Last updated: 9/4/2025, 5:04:20 AM