DASAN Networks GPON Router Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Dasannetworks (32237a59-148e-5709-b379-b9268e729f8e) |
|---|---|
| Product | Gpon Router Firmware (79a45149-51dc-5ff1-9fdd-03ba14c0d120) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-10562 |
vulnerable | 2026-06-03 14:37:53.501052 |
Details available
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Published: 2018-05-04T03:00:00.000Z
Updated: 2025-10-21T23:45:51.689Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-10561 |
vulnerable | 2026-06-03 14:37:53.499856 |
Details available
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.
Published: 2018-05-04T03:00:00.000Z
Updated: 2025-10-21T23:45:51.827Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.