An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107053 | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44576/ | Exploit Third Party Advisory VDB Entry |
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/ | Exploit Technical Description Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-04T03:00:00
Updated: 2019-02-19T10:57:01
Reserved: 2018-04-30T00:00:00
Link: CVE-2018-10561
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-04T03:29:00.227
Modified: 2019-03-04T18:39:11.630
Link: CVE-2018-10561
JSON object: View
Redhat Information
No data.
CWE