Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

Dasannetworks›Operating systemnvd

Gpon Router Firmware

Vulnerabilities

2

Known exploited

2

Max CVSS

9.8

Top EPSS

0.9995

Severity breakdown

Critical

2

High

0

Medium

0

Low

0

Also matched as (raw): gpon_router_firmware

Top vulnerabilities

CVE-2018-10562An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

CVE-2018-10561An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

View vendor →Open in catalog with product filter →