RSS   Podatności dla 'Gpon router firmware'   RSS

2018-05-03
 
CVE-2018-10562

CWE-78
 

 
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

 
 
CVE-2018-10561

CWE-287
 

 
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

 

 >>> Vendor: Dasannetworks 5 Produkty
H640x firmware
Gpon router firmware
H660gw firmware
H665 firmware
H660rm firmware


Copyright 2024, cxsecurity.com

 

Back to Top