CVE-2018-10561

Published: May 4, 2018Modified: Nov 5, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Affected (1)

Products: Dasannetworks: Gpon Router Firmware

1 product

Gpon Router Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dasannetworks Gpon Router Firmware	All versions

Running on/with	Platform Versions
Dasannetworks Gpon Router	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (7)

http://www.securityfocus.com/bid/107053

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44576/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/

Source: cve@mitre.org

ExploitTechnical DescriptionThird Party Advisory

http://www.securityfocus.com/bid/107053

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/44576/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.