Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

CVE-2025-63206

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVE-2025-63206

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVE-2025-63206

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVE-2025-63206

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

CVE-2025-63206

The CVE-2025-63206 entry describes an authentication bypass in the Dasan Switch DS2924 web interface affecting firmware versions 1.01.18 and 1.02.00. The root cause is storing crafted cookies in the browser to gain escalated privileges. The CVSSv3.1 base score is 9.8 (CRITICAL), with network atta...

Dasan Switch DS2924 安全漏洞

The Dasan Switch DS2924 is an Ethernet switch from Dasan Korea. A security vulnerability exists in the Dasan Switch DS2924 version 1.01.18 and 1.02.00, which stems from an authentication bypass that could lead to elevated privileges...

CVE-2025-63206

An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser...

PT-2025-47493

Name of the Vulnerable Software and Affected Versions Dasan Switch DS2924 versions 1.01.18 and 1.02.00 Description An authentication bypass exists in the web based interface of Dasan Switch DS2924. Successful exploitation allows attackers to gain escalated privileges by storing specially crafted...

Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors

Malware campaigns distributing the RondoDox botnet have expanded their targeting focus to exploit more than 50 vulnerabilities across over 30 vendors. The activity, described as akin to an "exploit shotgun" approach, has singled out a wide range of internet-exposed infrastructure, including...

EUVD-2019-18337

Malware in sbrugna...

EUVD-2018-9610

Malware in sbrugna...

EUVD-2019-19329

Malware in sbrugna...

EUVD-2019-19330

Malware in sbrugna...

EUVD-2018-9611

Malware in sbrugna...

EUVD-2018-9609

Malware in sbrugna...

EUVD-2019-19328

Malware in sbrugna...

EUVD-2025-25701

Malicious code in bioql PyPI...

EUVD-2023-46935

Malicious code in bioql PyPI...

CVE-2025-29524

Incorrect access control in the component /cgi-bin/systemdiagnosticmain.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...