Vpnmentor

**Name of the Vulnerable Software and Affected Versions** Dasan GPON home routers (affected versions not specified) **Description** The issue is related to weaknesses in the authentication procedure of the Dasan GPON home routers. It allows a remote attacker to bypass authentication and gain full control over the device by appending "?images/" to any URL that requires authentication, such as "/menu.html?images/" or "/GponForm/diag FORM?images/". This enables the attacker to manage the device. **Recommendations** For Dasan GPON home routers, as a temporary workaround, consider restricting access to URLs that require authentication until a patch is available. Avoid using URLs with the "?images/" parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.