一、 漏洞 CVE-2018-10562 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
在 Dasan GPON 家庭路由器上发现了一个问题。命令注入可以通过一个 diag_action=ping 请求中的 dest_host 参数来发生,该请求发送到 GponForm/diag_Form URI。因为路由器在用户重定向到 /diag.html 时将ping结果保存在 /tmp 目录中并向用户发送,因此执行命令并获取其输出非常简单。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Dasan GPON家庭路由器命令注入漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Dasan GPON是韩国Dasan公司的一款家用路由器产品。 Dasan GPON家庭路由器中存在命令注入漏洞,该漏洞源于用户再次访问/diag.html页面时路由器将因特网包探索器的结果保存在/tmp中并将它传输给用户。攻击者可通过向GponForm/diag_Form URI发送带有‘dest_host’参数的diag_action=ping请求利用该漏洞执行命令并检索输出。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
授权问题
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2018-10562 的公开POC
# POC 描述 源链接 神龙链接
1 Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work. https://github.com/f3d0x0/GPON POC详情
2 Exploit for Mass Remote Code Execution on GPON home routers (CVE-2018-10562) obtained from Shodan. https://github.com/649/Pingpon-Exploit POC详情
3 Exploit loader for Remote Code Execution w/ Payload on GPON Home Gateway devices (CVE-2018-10562) written in Python. https://github.com/Choudai/GPON-LOADER POC详情
4 Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. https://github.com/c0ld1/GPON_RCE POC详情
5 Exploit for CVE-2018-10562 https://github.com/ATpiu/CVE-2018-10562 POC详情
6 Python exploit for Remote Code Executuion on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work. https://github.com/ExiaHan/GPON POC详情
7 backdoor.mirai.helloworld cve2018-20561, cve-2018-10562 https://github.com/mr-won/backdoor.mirai.helloworld POC详情
8 Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10562.yaml POC详情
9 backdoor.mirai.helloworld cve2018-20561, cve-2018-10562 https://github.com/user20252228/backdoor.mirai.helloworld POC详情
三、漏洞 CVE-2018-10562 的情报信息