CyberSec.Space Logo
Back to CVE Browser

CVE-2018-10562

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score50.4150%
EPSS Percentile94.86th
PublishedMay 4, 2018
Last ModifiedNov 5, 2025

Vulnerability Description

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

Affected Platforms (CPE)

πŸ’»
Dasannetworks

Gpon Router Firmware

All versions

References & Advisories

πŸ”— http://www.securityfocus.com/bid/107053
πŸ”— https://www.exploit-db.com/exploits/44576/
πŸ”— https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
πŸ”— http://www.securityfocus.com/bid/107053
πŸ”— https://www.exploit-db.com/exploits/44576/
πŸ”— https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10562

Related Vulnerabilities

CVE-2019-99749.1

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to...

CVE-2019-39177.5

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable tel...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...