PT-2019-19969 · Dasan · Dasan H660Rm

Krzysztof Burghardt · Published 2019-04-11 · Updated 2020-08-24 · CVE-2019-9974

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: DASAN H660RM GPON routers with firmware 1.03-0022

Description: The issue is a missing authorization check in the diag_tool.cgi component, which allows remote attackers to send a GET request and execute a ping command. This can be used to enumerate LAN devices or potentially crash the router with a Denial of Service (DoS) attack.

Recommendations: For DASAN H660RM GPON routers with firmware 1.03-0022, consider restricting access to the diag_tool.cgi component until a patch is available. As a temporary workaround, limiting the exposure of the router to the internet or implementing network segmentation to reduce the attack surface can help mitigate the risk.

Weakness Enumeration: Missing Authentication; Missing Authorization

Related Identifiers: CVE-2019-9974

Affected Products: Dasan H660Rm