CVE-2018-10561

Published: 04/05/2018 Updated: 04/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Vulnerable Product

dasannetworks gpon_router_firmware -

Vendor Advisories

Summary: Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's configuration pages, an attacker could exploit this vulnerability to bypass the router's login page and gain complete access ...

Exploits

#!/bin/bash
echo "[+] Sending the Command… "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waiti ...

Github Repositories

RCE on GPON home routers (CVE-2018-10561). Press: The Hacker News - 1, The Hacker News - 2, KitPloit, Security Affairs. Vulnerability: Many routers today use GPON internet, and a way to bypass all authentication on the devices (CVE-2018-10561) was found by VPNMentor. With this authentication bypass, it's also possible to unveil another command injection vulnerability (CVE-2018-1

Exploit for CVE-2018-10562

CVE-2018-10562 exploit. About: RCE on GPON home routers. [*] CVE-2018-10561: Authentication Bypass. [*] CVE-2018-10562: Command Injection. Dependencies required: requests, urllib2, ssl, re.

underattack-py

This is the official repository for the UnderattackToday Python module. UnderattackToday: Underattack is a free security intelligence platform. For more information please visit underattacktoday. API: Underattack provides a free API described here: portalunderattacktoday/api/docs. To use it you should register to the portal, it's free :) The Python module

Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.

ABOUT: Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. FEATURES: Automatically collects basic recon (i.e. whois, ping, DNS, etc.). Automatically launches Google hacking queries against a target domain. Automatically enumerates open ports via NMap port scanning. Automatically brute forces sub-doma

Automated Tools Pentest

ABOUT: Kn0ck is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. KN0CK COMMUNITY FEATURES: Automatically collects basic recon. Automatically launches Google hacking queries against a target domain. Automatically enumerates open ports via NMap port scanning. Automatically brute forces sub-domains, gathers DNS info an

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

ABOUT: Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding

Code + documentation for the public GreyNoise API

GreyNoise Intelligence Alpha API. Summary: GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms. The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions. URL: https:

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

PoC in GitHub. 2020. CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC in GitHub. 2020. CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub. 2020. CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
Threatpost • Lindsey O'Donnell • 05 Mar 2021

Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.
Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15.
In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control (C2) communications, and encry...

Inside the Hoaxcalls Botnet: Both Success and Failure
Threatpost • Tara Seals • 28 May 2020

The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service (DDoS) attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise.
Researchers, however, have discovered that it’s been a hit-or-miss journey for its operators when it comes to the bugs they choose – while at the same time, they’ve had to reboot after takedowns.
“The Hoaxcalls campaign h...

Wicked Botnet Uses Passel of Exploits to Target IoT
Threatpost • Tara Seals • 21 May 2018

Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all be traced back to one threat actor.
The original Mirai used traditional brute-force attempts to gain access to connected things in order to enslave them, but the Wicked Botnet, na...

GPON Routers Attacked With New Zero-Day
BleepingComputer • Catalin Cimpanu • 21 May 2018

Attacks on Dasan GPON routers are continuing to happen using two vulnerabilities disclosed last month, but today, researchers from Qihoo 360 Netlab have revealed that one botnet operator appears to have deployed a new zero-day affecting the same router types.
The security firm has refused to release further details on this flaw to prevent more attacks but said it was able to reproduce its effects.
"We tested this payload on two different versions of [Dasan] GPON home router," the Net...

Millions of Home Fiber Routers Vulnerable to Complete Takeover
Threatpost • Tara Seals • 01 May 2018

UPDATE
Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories).
A comprehensive assessment of various GPON home routers by vpnMentor has uncovered a way to bypass all authentication on the devices (CVE-2018-10561). That flaw can be ...