CVE-2019-25238
Description
V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system settings by tricking authenticated administrators into loading a specially crafted page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF vulnerability in V-SOL GPON/EPON OLT Platform 2.03 allows attackers to perform administrative actions like creating admin users or modifying settings by tricking authenticated administrators into visiting a malicious page.
A cross-site request forgery (CSRF) vulnerability exists in V-SOL GPON/EPON OLT Platform 2.03 [1]. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This means the web application fails to validate the origin of requests, allowing an attacker to craft requests that impersonate legitimate user actions [2].
The attack requires no special network position and no credentials of the attacker's own; it needs only an administrator who is logged in. An attacker can craft malicious HTML forms that submit hidden parameters to the OLT's web interface. When an authenticated administrator views the attacker's page, their browser sends authenticated requests (including any session cookies) to the OLT device, performing actions on behalf of the victim [2]. The provided proof-of-concept demonstrates how to add a new administrator account named 'Spy' with a chosen password [2].
Successful exploitation allows an attacker to perform actions with administrative privileges. This includes creating new admin users, enabling SSH, or modifying system settings. The attacker can then use these actions to gain persistent access or alter the device configuration [1][2].
Patched versions are not specified in the sources; the affected versions include several releases up to V2.03.62R_IPv6, as well as older versions such as V1.4 [2]. The vendor's website is listed as a reference, but no advisory or patch information is provided there [3]. Organizations using these OLT platforms should review access controls and consider additional CSRF protections or network segmentation.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
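One way to supply the request-origin validation described above as missing, written as a check that a reverse proxy in front of the OLT management interface could apply. This is an added example, not vendor or advisory code; the origin `https://olt.example.internal`, the function names and the sample requests are assumptions, and it presumes configuration changes arrive over non-safe HTTP methods.

```python
from urllib.parse import urlsplit

# Assumption: the origin administrators use to reach the OLT web UI.
TRUSTED_ORIGINS = {"https://olt.example.internal"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Reduce a URL to scheme://host[:port]; None if it is not absolute."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method, headers, trusted=TRUSTED_ORIGINS):
    """Return (allowed, reason) for one request to the management UI."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # Fetch Metadata: current browsers label cross-site requests themselves.
    if hdrs.get("sec-fetch-site") == "cross-site":
        return False, "Sec-Fetch-Site is cross-site"
    # Browsers send Origin on form POSTs; fall back to Referer if absent.
    source = hdrs.get("origin") or hdrs.get("referer")
    if source is None:
        return False, "no Origin or Referer header"
    # Exact origin comparison: a prefix match would accept look-alike hosts,
    # and the opaque origin "null" parses to None and is rejected.
    if origin_of(source) not in trusted:
        return False, f"untrusted source {source!r}"
    return True, "trusted origin"


# Constructed sample requests (method, headers); none are captured traffic.
SAMPLES = [
    ("POST", {"Origin": "https://olt.example.internal"}),
    ("POST", {"Origin": "https://attacker.example"}),
    ("POST", {"Referer": "https://olt.example.internal.attacker.example/p"}),
    ("POST", {"Origin": "null"}),
    ("POST", {"Cookie": "session=constructed"}),
    ("GET", {"Referer": "https://attacker.example/p"}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, "->", check_request(method, headers))
```

If the device also accepts configuration changes over GET, the same origin check has to be applied to every method rather than only to non-safe ones.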
Affected products
- Range: <=2.03
Patches
No patches discovered yet.