Last Updated: 2018-05-20 22:43:07 UTC
by Didier Stevens (Version: 1)
Beginning of May, 2 vulnerabilities with exploits were released for DASAN GPON home routers: CVE 2018-10561 and CVE 2018-10562. The first vulnerability allows unauthenticated access to the Internet facing web interface of the router, the second vulnerability allows command injection.
Soon after the disclosure, we started to observe exploit attempts on our servers:
Exploits attempt are easy to recognize: the URL contains string /GponForm/diag_FORM?images/.
We observed scans targeting just GPON devices, and scans combining GPON and Drupal exploits.
Please post a comment if you've observed these exploit attempts too.