Dasan
Products (9)
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10562 | | Cri | 0.93 | 9.8 | 1.00 | KEV | May 4, 2018 | An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html,… |
| CVE-2018-10561 | | Cri | 0.86 | 9.8 | 0.93 | KEV | May 4, 2018 | An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the… |
| CVE-2019-8950 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 20, 2019 | The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. |
| CVE-2017-18046 | | Cri | 0.64 | 9.8 | 0.05 | | Jan 21, 2018 | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). |
| CVE-2019-9974 | | Cri | 0.59 | 9.1 | 0.03 | | Apr 11, 2019 | diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack. |
| CVE-2019-9976 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 11, 2019 | The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users. |
| CVE-2018-17869 | | Hig | 0.57 | 8.8 | 0.00 | | Oct 1, 2018 | DASAN H660GW devices do not implement any CSRF protection mechanism. |
| CVE-2019-9975 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 11, 2019 | DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key. |
| CVE-2018-17867 | | Hig | 0.47 | 7.2 | 0.04 | | Oct 1, 2018 | The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field). |
| CVE-2025-44178 | | Med | 0.42 | 6.5 | 0.00 | | Aug 25, 2025 | DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN sides without any… |
| CVE-2025-29524 | | Med | 0.42 | 6.5 | 0.00 | | Aug 25, 2025 | Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information. |
| CVE-2025-29525 | | Med | 0.34 | 5.3 | 0.00 | | Aug 25, 2025 | DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel. |
| CVE-2018-17868 | | Med | 0.31 | 4.8 | 0.01 | | Oct 1, 2018 | DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. |
| CVE-2025-63206 | | | 0.00 | — | 0.00 | | Nov 19, 2025 | An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser. |