dasannetworks vulnerabilities and exploits
VMScore: 668
CVE-2017-18046
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote malicious users to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
Dasannetworks H640x Firmware 2.77p1-1124
Dasannetworks H640x Firmware 12.02-01121
Dasannetworks H640x Firmware 3.03p2-1146
VMScore: 757
CVE-2018-10561
An issue exists on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the...
Dasannetworks Gpon Router Firmware -
1 EDB exploit
6 Github repositories
VMScore: 758
CVE-2018-10562
An issue exists on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's...
Dasannetworks Gpon Router Firmware -
1 EDB exploit
9 Github repositories
VMScore: 801
CVE-2018-17867
The Port Forwarding functionality on DASAN H660GW devices allows remote malicious users to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).
Dasannetworks H660gw Firmware -
NA
CVE-2023-42495
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Dasannetworks W-web
VMScore: 445
CVE-2019-9975
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.
Dasannetworks H660rm Firmware 1.03-0022
VMScore: 570
CVE-2019-9974
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote malicious users to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
Dasannetworks H660rm Firmware 1.03-0022
VMScore: 356
CVE-2019-9976
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
Dasannetworks H660rm Firmware 1.03-0022
VMScore: 890
CVE-2019-8950
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows a malicious user to log in to the admin account via TELNET.
Dasannetworks H665 Firmware 1.46p1-0028