CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10561

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score59.6230%
EPSS Percentile95.07th
PublishedMay 4, 2018
Last ModifiedNov 5, 2025

Vulnerability Description

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Affected Platforms (CPE)

πŸ’»
Dasannetworks

Gpon Router Firmware

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107053
πŸ”— https://www.exploit-db.com/exploits/44576/
πŸ”— https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
πŸ”— http://www.securityfocus.com/bid/107053
πŸ”— https://www.exploit-db.com/exploits/44576/
πŸ”— https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561

Related Vulnerabilities

CVE-2019-99749.1

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to...

CVE-2019-39177.5

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable tel...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...