How to fix CVE-2025-63409?

Within 24 hours: Inventory all Gcom Epon 1Ge devices and identify firmware versions in use; isolate or restrict management access to affected devices. Within 7 days: Implement network segmentation to limit device accessibility and disable remote management protocols if operationally feasible; monitor device logs for unauthorized access attempts. Within 30 days: Contact Gcom for patch availability and deployment timeline; evaluate replacement devices if patches remain unavailable; conduct security assessment of any devices that showed suspicious activity.

Is Gcom Epon 1ge Firmware affected by CVE-2025-63409?

Gcom Epon 1Ge devices running firmware versions up to c00r371v00b01 contain an improper access control vulnerability that could allow unauthorized users to gain elevated privileges or access sensitive network functions.

CVE-2025-63409

HIGH

2026-02-24 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 24, 2026 - 16:24 nvd

HIGH 8.8

Description

Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

Analysis

Gcom Epon 1Ge Firmware versions up to c00r371v00b01 is affected by improper access control (CVSS 8.8).

Technical Context

This vulnerability (CWE-284: Improper Access Control) affects Gcom Epon 1Ge Firmware. Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.

Affected Products

Vendor: Gcomtw. Product: Gcom Epon 1Ge Firmware. Versions: up to c00r371v00b01.

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2025-63409 vulnerability details – vuln.today

Back

CVE-2025-63409

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-63409

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code