HTTP: GPON Routers Authentication Bypass

This signature detects attempts to exploit a known vulnerability against GPON Routers. A successful attack can lead to Authentication Bypass.

Extended Description

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

References

BugTraq: 107053

CVE: CVE-2018-10561

Short Name
HTTP:MISC:GPON-ROUTER-AUTH-BY
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Authentication Bypass CVE-2018-10561 GPON Routers bid:107053
Release Date
02/14/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3415
False Positive
Rarely
CVSS Score

7.5

Found a potential security threat?