8.8
GCOM EPON 1GE C00R371V00B01: Remote Access to Sensitive Settings
CVE-2025-63409
Summary
Remote attackers who are already authenticated on a GCOM EPON 1GE C00R371V00B01 device can access and modify administrator settings and obtain the administrator credentials. This could allow them to make changes that impact the device's security and functionality. Update to the latest version to prevent unauthorized access.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| gcomtw | gcom_epon_1ge_firmware | c00r371v00b01 | – |
Original title
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator-only settings and extract administrator credentials.
Original description
Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator-only settings and extract administrator credentials.
NVD CVSS 3.1
8.8
Vulnerability type
CWE-284
Improper Access Control
- http://gcom.com (Broken Link)
- https://github.com/theShinigami/CVE-Disclosures/tree/main/CVE-2025-63409 (Third Party Advisory)
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026