CVE-2018-10561: Dasan GPON Routers Authentication Bypass Vulnerability
First published: Fri May 04 2018(Updated: )
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dasan Networks GPON Router Firmware | ||
| Dasan Networks GPON Router Firmware | ||
| All of | ||
| Dasan Networks GPON Router Firmware | ||
| Dasan Networks GPON Router Firmware | ||
| Dasan Networks GPON Router Firmware | ||
| All of | ||
Remedy
The impacted product is end-of-life and should be disconnected if still in use.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/107053
- https://www.exploit-db.com/exploits/44576/
- https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
- https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/
- https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/
- https://nvd.nist.gov/vuln/detail/CVE-2018-10561
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2018-10561?
CVE-2018-10561 is classified as a critical vulnerability due to its potential to allow unauthorized access to the device.
How do I fix CVE-2018-10561?
To fix CVE-2018-10561, update the Dasan GPON router firmware to the latest version provided by the vendor.
What devices are affected by CVE-2018-10561?
CVE-2018-10561 affects Dasan Networks GPON routers that have the vulnerable firmware installed.
How does CVE-2018-10561 impact device security?
CVE-2018-10561 impacts device security by allowing attackers to bypass authentication, gaining unauthorized access to device controls.
What is the exploit method for CVE-2018-10561?
The exploit method for CVE-2018-10561 involves appending '?images' to URLs that require authentication to access the router's management interface.
- agent/type
- agent/description
- agent/remedy
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- collector/the-register
- source/The Register
- alias/CVE-2024-41710
- alias/CVE-2018-17532
- alias/CVE-2023-26801
- alias/CVE-2022-31137
- alias/CVE-2018-10562
- alias/CVE-2018-10561
- collector/bleeping-computer
- source/BleepingComputer
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-cve
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- agent/news-ai
- agent/weakness
- agent/severity
- vendor/dasannetworks
- canonical/dasan networks gpon router firmware
- vendor/dasan