VYPR
Vendor: Dasan

Products: 9
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2018-10562 | Critical | KEV | May 4, 2018
    risk 0.93 | cvss 9.8 | epss 1.00

    An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html,…

  • CVE-2018-10561 | Critical | KEV | May 4, 2018
    risk 0.86 | cvss 9.8 | epss 0.93

    An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the…

  • CVE-2019-8950 | Critical | Feb 20, 2019
    risk 0.64 | cvss 9.8 | epss 0.03

    The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.

  • CVE-2017-18046 | Critical | Jan 21, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).

  • CVE-2019-9974 | Critical | Apr 11, 2019
    risk 0.59 | cvss 9.1 | epss 0.03

    diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.

  • CVE-2019-9976 | High | Apr 11, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.

  • CVE-2018-17869 | High | Oct 1, 2018
    risk 0.57 | cvss 8.8 | epss 0.00

    DASAN H660GW devices do not implement any CSRF protection mechanism.

  • CVE-2019-9975 | High | Apr 11, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.

  • CVE-2018-17867 | High | Oct 1, 2018
    risk 0.47 | cvss 7.2 | epss 0.04

    The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).

  • CVE-2025-44178 | Medium | Aug 25, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any…

  • CVE-2025-29524 | Medium | Aug 25, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.

  • CVE-2025-29525 | Medium | Aug 25, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.

  • CVE-2018-17868 | Medium | Oct 1, 2018
    risk 0.31 | cvss 4.8 | epss 0.01

    DASAN H660GW devices have Stored XSS in the Port Forwarding functionality.

  • CVE-2025-63206 | Nov 19, 2025
    risk 0.00 | cvss | epss 0.00

    An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.