← Back

Dasannetworks

dasannetworks

10 CVEs • 13 products

Products (13)

Click to collapse
Toggle
H660rm Firmware
h660rm_firmware
3 CVEs
Gpon Router Firmware
gpon_router_firmware
2 CVEs
H640x Firmware
h640x_firmware
1 CVE
H660gw Firmware
h660gw_firmware
1 CVE
H665 Firmware
h665_firmware
1 CVE
W Web
w-web
1 CVE
Ds2924 Firmware
ds2924_firmware
1 CVE
H640x
h640x
0 CVEs
Gpon Router
gpon_router
0 CVEs
H660gw
h660gw
0 CVEs
H665
h665
0 CVEs
H660rm
h660rm
0 CVEs
Ds2924
ds2924
0 CVEs

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-63206
1Dasannetworks
1Ds2924 Firmware
Dec 31, 2025
Nov 19, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web brow...Show more
An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies in the web browser.Show less
CVE-2023-42495
1Dasannetworks
1W Web
Nov 21, 2024
Dec 13, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-9976
1Dasannetworks
1H660rm Firmware
Nov 21, 2024
Apr 11, 2019
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
The Boa server configuration on DASAN H660RM devices with firmware 1.03-0022 logs POST data to the /tmp/boa-temp file, which allows logged-in users to read the credentials of administration web interface users.
CVE-2019-9975
1Dasannetworks
1H660rm Firmware
Nov 21, 2024
Apr 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
DASAN H660RM devices with firmware 1.03-0022 use a hard-coded key for logs encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2019-9974
1Dasannetworks
1H660rm Firmware
Nov 21, 2024
Apr 11, 2019
N/A· v4
9.1 CRITICAL· v3
6.4 MEDIUM· v2
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a...Show more
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.Show less
CVE-2019-8950
1Dasannetworks
1H665 Firmware
Nov 21, 2024
Feb 20, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
CVE-2018-17867
1Dasannetworks
1H660gw Firmware
Nov 21, 2024
Oct 1, 2018
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
The Port Forwarding functionality on DASAN H660GW devices allows remote attackers to execute arbitrary code via shell metacharacters in the cgi-bin/adv_nat_virsvr.asp Addr parameter (aka the Local IP Address field).
CVE-2018-10562
1Dasannetworks
1Gpon Router Firmware
Nov 5, 2025
May 4, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and tra...Show more
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.Show less
CVE-2018-10561
1Dasannetworks
1Gpon Router Firmware
Nov 5, 2025
May 4, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ o...Show more
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.Show less
CVE-2017-18046
1Dasannetworks
1H640x Firmware
Nov 21, 2024
Jan 21, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login...Show more
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).Show less