CVE-2018-10561

Name of the Vulnerable Software and Affected Versions Dasan GPON home routers (affected versions not specified)

Description The issue is related to weaknesses in the authentication procedure of the Dasan GPON home routers. It allows a remote attacker to bypass authentication and gain full control over the device by appending "?images/" to any URL that requires authentication, such as "/menu.html?images/" or "/GponForm/diag FORM?images/". This enables the attacker to manage the device.

Recommendations For Dasan GPON home routers, as a temporary workaround, consider restricting access to URLs that require authentication until a patch is available. Avoid using URLs with the "?images/" parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.