CVE-2020-8958

Name of the Vulnerable Software and Affected Versions Guangzhou 1GE ONU V2801RW versions 1.9.1-181203 through 2.9.0-181024 Guangzhou 1GE ONU V2804RGW versions 1.9.1-181203 through 2.9.0-181024 V-SOL Home Routers (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field. This command injection vulnerability is gaining attention and has been observed in a significant portion of traffic, with 8 IPs composing nearly 50% of observed traffic.

Recommendations For Guangzhou 1GE ONU V2801RW versions 1.9.1-181203 through 2.9.0-181024, restrict access to the boaform/admin/formPing endpoint to minimize the risk of exploitation. For Guangzhou 1GE ONU V2804RGW versions 1.9.1-181203 through 2.9.0-181024, avoid using the Dest IP Address field in the boaform/admin/formPing endpoint until the issue is resolved. For V-SOL Home Routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.