An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107053 | Broken Link Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44576/ | Exploit Third Party Advisory VDB Entry |
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/ | Exploit Technical Description Third Party Advisory |
http://www.securityfocus.com/bid/107053 | Broken Link Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/44576/ | Exploit Third Party Advisory VDB Entry |
https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/ | Exploit Technical Description Third Party Advisory |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561 |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Oct 2025, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 20:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 19:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://www.securityfocus.com/bid/107053 - Broken Link, Third Party Advisory, VDB Entry |
03 Apr 2025, 19:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/107053 - Third Party Advisory, VDB Entry, Broken Link |
Information
Published : 2018-05-04 03:29
Updated : 2025-10-22 00:16
NVD link : CVE-2018-10561
Mitre link : CVE-2018-10561
CVE.ORG link : CVE-2018-10561
JSON object : View
Products Affected
dasannetworks
- gpon_router_firmware
- gpon_router
CWE
CWE-287
Improper Authentication