CVE-2018-10562
CVE-2018-10562
In short
A security flaw in Dasan GPON routers allows attackers to run arbitrary commands by sending specially crafted ping requests to the router's web interface. An attacker can exploit this to take full control of the router and access sensitive information.
Technical detail
Command injection vulnerability in the dest_host parameter of diag_action=ping requests to GponForm/diag_Form endpoint. The vulnerability allows unauthenticated remote code execution due to insufficient input validation; attacker-controlled commands are executed server-side with router privileges, with output persisted in /tmp and retrievable via subsequent requests to /diag.html.
Summary generated and translated by AI from the official description.
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 8
githubgithub.com/649/Pingpon-Exploit★ 24githubgithub.com/c0ld1/GPON_RCE★ 4githubgithub.com/ATpiu/CVE-2018-10562★ 3githubgithub.com/Choudai/GPON-LOADER★ 2githubgithub.com/tpdlshdmlrkfmcla/backdoor.mirai.helloworld★ 0githubgithub.com/ExiaHan/GPON★ 0exploitdbwww.exploit-db.com/exploits/44576unverifiedcve_referencewww.exploit-db.com/exploits/44576/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →