CVE-2018-10562

high-risk
Published 2018-05-04

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

Do I need to act?

!
94.0% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
44576
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Dasannetworks

References (7)

Broken Link http://www.securityfocus.com/bid/107053
Exploit https://www.exploit-db.com/exploits/44576/
Exploit https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
Broken Link http://www.securityfocus.com/bid/107053
Exploit https://www.exploit-db.com/exploits/44576/
Exploit https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
64
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 27/34 · High
Exposure 5/34 · Minimal