Vulnerability Details CVE-2018-10561
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
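For detection, the "?images" marker described above can be searched for in web access logs. The following is an added example, not part of the original advisory or any vendor tooling: it assumes requests to the device are logged in Common Log Format by a proxy or gateway in front of it, and the sample log lines and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "METHOD URI PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Query must begin with the token "images" ("?imagesize=10" does not match).
IMAGES_TOKEN = re.compile(r"images(?![a-z0-9_])")


def has_images_marker(uri):
    """True when the query string starts with 'images', as in the CVE text."""
    # Decode percent-escapes and lowercase so encoded or mixed-case forms match.
    query = unquote(urlsplit(uri).query).lower()
    return IMAGES_TOKEN.match(query) is not None


def scan(lines):
    """Return {source: [(path, status), ...]} for requests carrying the marker."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_images_marker(m.group(3)):
            path = urlsplit(m.group(3)).path
            hits[m.group(1)].append((path, int(m.group(4))))
    return dict(hits)


# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2018:10:00:00 +0000] "GET /login.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2018:10:00:05 +0000] "GET /menu.html?images/ HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/May/2018:10:00:09 +0000] "GET /GponForm/diag_FORM?images/ HTTP/1.1" 200 128',
    '192.0.2.10 - - [01/May/2018:10:01:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/May/2018:10:01:02 +0000] "GET /gallery.html?imagesize=10 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for src, reqs in scan(SAMPLE_LOG).items():
        print(src, reqs)
```

A 2xx status on a flagged request to a page that normally requires a login is the case to triage first.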
Exploit prediction scoring system (EPSS) score
EPSS Score 0.922
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Proposed Action
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
Ransomware Campaign
Unknown
Products affected by CVE-2018-10561
- cpe:2.3:h:dasannetworks:gpon_router:-
- cpe:2.3:o:dasannetworks:gpon_router_firmware:-