Unrated severityCISA KEVNVD Advisory· Published May 4, 2018· Updated Oct 21, 2025

CVE-2018-10562

Description

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/44576/mitreexploitx_refsource_EXPLOIT-DB
www.securityfocus.com/bid/107053mitrevdb-entryx_refsource_BID
www.vpnmentor.com/blog/critical-vulnerability-gpon-router/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060