Authentication Bypass Vulnerability in Dasan GPON Home Routers

Authentication Bypass Vulnerability in Dasan GPON Home Routers

CVE-2018-10561 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

Learn more about our Web Application Penetration Testing UK.