SB2018051510 - Multiple vulnerabilities in Dasan GPON routers
Published: May 15, 2018 Updated: December 14, 2018
Security Bulletin ID
SB2018051510
Severity
Critical
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Authentication bypass (CVE-ID: CVE-2018-10561)
The vulnerability allows a remote attacker to bypass authentication on the target system.The weakness exists due to improper authentication restrictions. A remote attacker can bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI.
Note: the vulnerability is being exploited by various attachers to deliver several Mirai variants (e.g., Satori, JenX, etc.).
2) Command injection (CVE-ID: CVE-2018-10562)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.The weakness exists due to command injection via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. A remote attacker can inject arbitrary commands and execute arbitrary code because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html.
Remediation
Install update from vendor's website.