Dasan.GPON.Remote.Code.Execution
Description
This indicates an attack attempt against a Remote Code Execution vulnerability in Dasan GPON.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.
Outbreak Alert
FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware, Enemybot Malware.
Affected Products
ZNID-GPON-25xx and certain H640-series ONTs
Impact
Device Compromise: Remote attackers can gain control of vulnerable devices.
Recommended Actions
Currently no official patch, you can patch it here
https://www.vpnmentor.com/tools/gpon-router-antidote-patch/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |