← Back

Gpon Router Firmware

gpon_router_firmware

Vendor: Dasannetworks • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-10562
1Dasannetworks
1Gpon Router Firmware
Nov 5, 2025
May 4, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and tra...Show more
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.Show less
CVE-2018-10561
1Dasannetworks
1Gpon Router Firmware
Nov 5, 2025
May 4, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ o...Show more
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.Show less