Описание
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Ссылки
- Broken LinkThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitTechnical DescriptionThird Party Advisory
- US Government Resource
Уязвимые конфигурации
Одновременно
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Уязимость микропрограммного обеспечения маршрутизатора Dasan GPON, связанная с непринятием мер по чистке данных на управляющем уровне, позволяющая нарушителю выполнять произвольные действия с привилегиями администратора
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2