⚠️ CISA Known Exploited Vulnerability
Active ThreatThis vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.
CVE-2018-10561
Critical CISA KEVVulnerability Description
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Known Affected Software
1 configuration(s) from 1 vendor(s)
cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*
References & Resources
-
http://www.securityfocus.com/bid/107053cve@mitre.org Broken Link Third Party Advisory VDB Entry
-
https://www.exploit-db.com/exploits/44576/cve@mitre.org Exploit Third Party Advisory VDB Entry
-
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/cve@mitre.org Exploit Technical Description Third Party Advisory
-
http://www.securityfocus.com/bid/107053af854a3a-2127-422b-91ae-364da2661108 Broken Link Third Party Advisory VDB Entry
-
https://www.exploit-db.com/exploits/44576/af854a3a-2127-422b-91ae-364da2661108 Exploit Third Party Advisory VDB Entry
-
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/af854a3a-2127-422b-91ae-364da2661108 Exploit Technical Description Third Party Advisory
-
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561134c704f-9b21-4f2e-91b3-4a467353bcc0 US Government Resource
Severity Details
CISA KEV Status
Listed in CISA's Known Exploited Vulnerabilities catalog
Key Information
- Published Date
- May 04, 2018
