CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-10561

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score59.6230%
EPSS Percentile95.07th
Published2018年5月4日
Last Modified2025年11月5日

Vulnerability Description

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Affected Platforms (CPE)

💻
Dasannetworks

Gpon Router Firmware

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/107053
🔗 https://www.exploit-db.com/exploits/44576/
🔗 https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
🔗 http://www.securityfocus.com/bid/107053
🔗 https://www.exploit-db.com/exploits/44576/
🔗 https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-10561

相关漏洞威胁

CVE-2019-99749.1

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to...

CVE-2019-39177.5

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable tel...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...