Overview
- Description
- An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- Dasan GPON Routers Authentication Bypass Vulnerability
- Exploit added on
- Mar 31, 2022
- Exploit action due
- Apr 21, 2022
- Required action
- The impacted product is end-of-life and should be disconnected if still in use.
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8153A5BC-B257-4774-8106-E77FA2239A99"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E795B673-4FC0-4A2B-821E-63F87B90D6C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]