CVE-2017-18046

Name of the Vulnerable Software and Affected Versions: Dasan GPON ONT WiFi Router H640X versions 12.02-01121 2.77p1-1124 through 3.03p2-1146

Description: A buffer overflow issue allows remote attackers to execute arbitrary code via a long POST request to the "login action" function in the "/cgi-bin/login action.cgi" endpoint (also known as "cgipage.cgi").

Recommendations: For versions 12.02-01121 2.77p1-1124 through 3.03p2-1146, as a temporary workaround, consider disabling the login action function in the /cgi-bin/login action.cgi endpoint until a patch is available. Restrict access to the /cgi-bin/login action.cgi endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.