33 matches found
CVE-2025-29525
DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel...
CVE-2025-29524
Incorrect access control in the component /cgi-bin/systemdiagnosticmain.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...
CVE-2025-29525
DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel...
CVE-2025-29524
Incorrect access control in the component /cgi-bin/systemdiagnosticmain.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware. "This botnet utilizes remote code execution and credential-stealing methods to maintain persistent...
Dasan GPON Routers Authentication Bypass Vulnerability
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution...
Dasan GPON Routers Command Injection Vulnerability
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
The vulnerability of the Dasan GPON router’s microprogramming software, related to the lack of measures taken to clean data at the management level, allows attackers to perform arbitrary actions with administrator privileges.
The vulnerability of the microprogramming software of the Dasan GPON router is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor, operating remotely, to perform arbitrary actions with administrator privileges...
D-Link, Dasan Routers Under Attack In Yet Another Assault
Unpatched D-Link and Dasan GPON router vulnerabilities are being targeted by hackers attempting to build a botnet army, according to research published Friday by eSentire Threat Intelligence. Researchers observed on Thursday a massive uptick in exploit attempts from over 3,000 different source IP...
VulnCheck KEV: CVE-2018-10562
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
Exploit for OS Command Injection in Dasannetworks Gpon_Router_Firmware
GPON-LOADER Exploit loader for Remote...
Dasan GPON Router Remote Command Injection (CVE-2018-10562)
A remote command execution vulnerability exists in Dasan GPON routers. A remote attacker could exploit this vulnerability by sending a malicious request to the victim. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the context of the target user...
Dasan GPON Router Authentication Bypass (CVE-2018-10561)
An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
A Simple Tool Released to Protect Dasan GPON Routers from Remote Hacking
Since hackers have started exploiting two recently disclosed unpatched critical vulnerabilities found in GPON home routers, security researchers have now released an unofficial patch to help millions of affected users left vulnerable by their device manufacturer. Last week, researchers at vpnMent...
VulnCheck KEV: CVE-2018-10561
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution...
CVE-2018-10562
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...
Authentication flaw
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diagFORM?images/ URI. One can then manage the device...
Command injection
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...
CVE-2018-10561
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diagFORM?images/ URI. One can then manage the device...
CVE-2018-10562
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...