10 matches found
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...
Dasan GPON Routers Command Injection Vulnerability
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
GPON ONT Home Gateway Authenticated Remote Command Execution (CVE-2019-3920)
Binary data gponcve-2019-3920.nbin...
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
Alcatel-Lucent Nokia GPON I-240W-Q - Buffer Overflow !/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm...
GPON ONT Home Gateway Router is vulnerable to authentication bypass (CVE-2018-10561)
Binary data gponcve-2018-10561.nbin...
VulnCheck KEV: CVE-2018-10562
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
Dasan GPON Router Authentication Bypass (CVE-2018-10561)
An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CVE-2018-10561
creationtimestamp| type| source ---|---|--- 2018-05-10 10:42:33+00:00| seen| MISP/5af412ea-4254-4668-b1ea-44bc950d210f 2018-05-10 16:08:26+00:00| published-proof-of-concept| https://t.me/canyoupwnme/3739 2018-06-18 09:04:01+00:00| seen| MISP/5b2774da-6bb4-46c0-8483-43e102de0b81 2019-01-25...
CVE-2018-10561
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diagFORM?images/ URI. One can then manage the device...
CVE-2018-10561
CVE-2018-10561 describes an authentication bypass in Dasan GPON home routers. The vulnerability allows an attacker to bypass login by appending “?images” to URLs on pages that require authentication (e.g., /menu.html?images/ or /GponForm/diag_FORM?images/), potentially granting the attacker acces...