virus logo Intrusion Prevention

Dasan.GPON.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt against a Remote Code Execution vulnerability in Dasan GPON.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.

description-logoOutbreak Alert

FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware, Enemybot Malware.

View the full Outbreak Alert Report

affected-products-logoAffected Products

ZNID-GPON-25xx and certain H640-series ONTs

Impact logoImpact

Device Compromise: Remote attackers can gain control of vulnerable devices.

recomended-action-logoRecommended Actions

Currently no official patch, you can patch it here
https://www.vpnmentor.com/tools/gpon-router-antidote-patch/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-02-01 19.251 Sig Added
2020-07-09 15.882 Sig Added
2019-02-11 14.548 Sig Added
2018-10-04 13.464 Sig Added

References

44576 https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
ID 46083
Created May 24, 2018
Updated Jan 31, 2022
Outbreak Alert Router Malware Attack
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2018-10562 CVE-2018-10561
EPSS 97.44%
Default Action drop
Active
Affected OS Linux, Other
Affected App Other