This indicates an attack attempt against a Remote Code Execution vulnerability in Dasan GPON.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted request.

description-logoOutbreak Alert

FortiGuard Labs has observed various router vulnerabilities being exploited in the wild to distribute malware such as MooBot Malware, Lucifer Malware, BotenaGo Botnet, Zerobot Malware, Enemybot Malware.

View the full Outbreak Alert Report

affected-products-logoAffected Products

ZNID-GPON-25xx and certain H640-series ONTs

Impact logoImpact

Device Compromise: Remote attackers can gain control of vulnerable devices.

recomended-action-logoRecommended Actions

Currently no official patch, you can patch it here

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-03-06 27.744 Sig Added
2022-02-01 19.251 Sig Added
2020-07-09 15.882 Sig Added
2019-02-11 14.548 Sig Added
2018-10-04 13.464 Sig Added