CVE-2018-10561
CRITICAL | CISA KEV | 9.8
Description
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
CVE Details
CVSS v3.1 Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 5/4/2018
Last Modified: 11/5/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: Dasan
Product: Gigabit Passive Optical Network (GPON) Routers
Vulnerability Name: Dasan GPON Routers Authentication Bypass Vulnerability
KEV Date Added: 2022-03-31
Remediation Due Date: 2022-04-21
Ransomware Use: Unknown
Affected Products
dasannetworks:gpon_router
dasannetworks:gpon_router_firmware
Weaknesses (CWE)
CWE-287
References
http://www.securityfocus.com/bid/107053 (cve@mitre.org)
https://www.exploit-db.com/exploits/44576/ (cve@mitre.org)
http://www.securityfocus.com/bid/107053 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44576/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.