The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security alert for users of a popular home Wi-Fi router model from Digisol. The advisory, published on July 16, 2025, outlines multiple vulnerabilities that could be exploited by attackers to hijack sessions, steal credentials, or gain unauthorised access to a user’s home or office network. These flaws could leave sensitive data exposed and compromise the overall security of connected devices.
What’s the warning
According to CERT-In, the Digisol DG-GR6821AC Wi-Fi router — specifically those running firmware version V3.2.XX — contains five critical vulnerabilities. These issues include hard-coded credentials, unencrypted storage and transmission of sensitive data, and insecure session cookie handling. The router in question is a dual-mode Optical Network Unit (ONU), commonly used in households and small offices with broadband connections.
The warning states that these vulnerabilities can lead to session hijacking, Man-in-the-Middle (MITM) attacks, and unauthorised network access. Attackers with physical or remote access may be able to extract credentials, monitor traffic, or even take full control of the device.
Check if you are affected
You may be impacted if you are using the Digisol DG-GR6821AC router and have not updated your firmware beyond V3.2.XX. The affected users include home broadband subscribers and administrators managing small office networks.
Here are the identified CVEs:
• CVE-2025-53754: Hard-coded root credentials
• CVE-2025-53755: Storage of unencrypted credentials
• CVE-2025-53756: Cleartext transmission of credentials
• CVE-2025-53757: Missing Secure and HttpOnly cookie flags
• CVE-2025-53758: Use of default admin credentials
Successful exploitation of any of these vulnerabilities could give attackers access to the network, sensitive data, or admin controls.
Fix, you should know
CERT-In recommends that all users immediately update their router firmware to the latest secure version:
HG323DACv5_all_V3.2.02-250509_Digisolver
The update is available for download on Digisol’s official website: https://www.digisol.com/firmware/
Until patched, users should:
• Change default passwords
• Disable remote management features
• Monitor for suspicious activity
• Avoid using unsecured HTTP sessions
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
