Critical severity9.8CISA KEVNVD Advisory· Published May 4, 2018· Updated Jun 17, 2026
CVE-2018-10561
CVE-2018-10561
Description
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/44576/nvdExploitThird Party AdvisoryVDB Entry
- www.vpnmentor.com/blog/critical-vulnerability-gpon-router/nvdExploitTechnical DescriptionThird Party Advisory
- www.securityfocus.com/bid/107053nvdBroken LinkThird Party AdvisoryVDB Entry
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
2- What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)SANS Internet Storm Center · Jun 25, 2026
- RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend Micro Research · Oct 9, 2025