GPON home routers

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2018-10562	Dasan GPON home routers		0.29	—	1.00	KEV	May 4, 2018	An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html,…
CVE-2018-10561	Dasan GPON home routers		0.22	—	0.93	KEV	May 4, 2018	An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the…

CVE-2018-10562KEVMay 4, 2018
Dasan
GPON home routers
risk 0.29cvss —epss 1.00
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html,…
CVE-2018-10561KEVMay 4, 2018
Dasan
GPON home routers
risk 0.22cvss —epss 0.93
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the…