Enhancement: cves/2018/CVE-2018-10562.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-12 15:42:18 -04:00
parent ad6637e1d7
commit e547884d41
1 changed files with 1 additions and 1 deletions

@ -4,7 +4,7 @@ info:
name: Dasan GPON Devices - Remote Code Execution name: Dasan GPON Devices - Remote Code Execution
author: gy741 author: gy741
severity: critical severity: critical
description: Dasan GPON home routers are susceptible to command Injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping
results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
reference: reference:
- https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router
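Review bot: The description line this edit touches still ends with editorial wording ("it's quite simple to execute commands and retrieve their output") and is kept as a plain scalar that wraps onto a second line. Since the line is being changed anyway, consider rewording that sentence to state the impact neutrally, for example that command output is written to /tmp and returned to the requester on the next visit to /diag.html. A block scalar ("description: |") would also make the wrap explicit rather than relying on plain-scalar line folding. The capitalization fix from "Injection" to "injection" is fine as is.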