Multiple Dasan GPON Routers Command Injection and Authentication Bypass Vulnerabilities

Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability.

An attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device.

Information

Bugtraq ID: 107053
Class: Unknown
CVE: CVE-2018-10561
CVE-2018-10562

Remote: Yes
Local: No
Published: Feb 18 2019 12:00AM
Updated: Feb 18 2019 12:00AM
Credit: None
Vulnerable: Dasan Networks GPON Router 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• Dasan networks Homepage ()
  
• BSA-2018-603 ()
  
• BSA-2018-604 ()
  
• Critical RCE Vulnerability Found in Over a Million GPON Home Routers ()
  

Source: www.securityfocus.com