An issue exists on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
dasannetworks gpon_router_firmware -
Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.
Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15.
In order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control (C2) communications, and encry...
The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service (DDoS) attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise.
Researchers, however, have discovered that it’s been a hit-or-miss journey for its operators when it comes to the bugs they choose – while at the same time, they’ve had to reboot after takedowns.
“The Hoaxcalls campaign h...
Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all be traced back to one threat actor.
The original Mirai used traditional brute-force attempts to gain access to connected things in order to enslave them, but the Wicked Botnet, na...
Attacks on Dasan GPON routers are continuing to happen using two vulnerabilities disclosed last month, but today, researchers from Qihoo 360 Netlab have revealed that one botnet operator appears to have deployed a new zero-day affecting the same router types.
The security firm has refused to release further details on this flaw to prevent more attacks but said it was able to reproduce its effects.
"We tested this payload on two different versions of [Dasan] GPON home router," the Net...
Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories).
A comprehensive assessment of various GPON home routers by vpnMentor has uncovered a way to bypass all authentication on the devices (CVE-2018-10561). That flaw can be ...