An issue was discovered in GPON ONT Home Gateway Router web administration interface. Remote Command Execution could be triggered by sending a HTTP POST request to ‘GponForm/diag_Form’ URI with malicious shell script added to dest_host parameter. Because the router saves ping and traceroute command execution results in /tmp and transmits them to the user when the user revisits /diag.html, it’s possible to execute arbitrary commands and retrieve their output.
This allows an attacker to fully control the target device.
Binary data gpon_cve-2018-10562.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
dasannetworks | gpon_router | cpe:/a:dasannetworks:gpon_router |