Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-05-20 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

DASAN GPON home routers exploits in-the-wild

Published: 2018-05-20
Last Updated: 2018-05-20 22:43:07 UTC
by Didier Stevens (Version: 1)
2 comment(s)

Beginning of May, 2 vulnerabilities with exploits were released for DASAN GPON home routers: CVE 2018-10561 and CVE 2018-10562. The first vulnerability allows unauthenticated access to the Internet facing web interface of the router, the second vulnerability allows command injection.

Soon after the disclosure, we started to observe exploit attempts on our servers:

Exploits attempt are easy to recognize: the URL contains string /GponForm/diag_FORM?images/.

We observed scans targeting just GPON devices, and scans combining GPON and Drupal exploits.

Please post a comment if you've observed these exploit attempts too.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: gpon router exploit
2 comment(s)
Diary Archives