An issue was discovered in the GPON ONT Home Gateway web administration interface. A remote command execution vulnerability exists in the /GponForm/device_Form?script/ component due to insufficient input validation. An authenticated, remote attacker can exploit this to escalate their permission level and execute arbitrary commands with root privileges.
Note that Nessus either authenticated to the GPON Home Gateway web interface using the supplied credentials or used an authentication bypass issue (CVE-2018-10561) in order to exploit this vulnerability.
Binary data gpon_cve-2019-3920.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
dasannetworks | gpon_router | | cpe:/a:dasannetworks:gpon_router |