Critical RCE vulnerability found in more than a million GPON home routers

More than a million fiber-optic GPON routers can be accessed remotely because of an authentication bypass flaw that is easy to exploit.

A method was discovered to bypass authentication on GPON devices by changing the URL in the browser's address bar when accessing the device (CVE-2018-10561). With this authentication bypass, it is also possible to exploit a second vulnerability, a command injection (CVE-2018-10562).

The authentication flaw makes it possible to bypass the router's login page and reach its pages simply by appending "?images/" ("?script/" and "?style/" also work) to the end of the web address of any page of the router's configuration interface, giving the attacker almost complete access to the router. Because the ping and traceroute commands on the device diagnostic page run at the "root" level, other commands can also be started remotely on the device.
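Requests that use this bypass leave a recognizable trace in HTTP logs collected by a proxy or sensor in front of the devices. The following detection sketch is an added example, not part of the original advisory; the log format, page names and addresses are constructed, and matching the markers case-insensitively is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Query-string markers the advisory names as bypassing the login page.
BYPASS_MARKERS = ("images/", "script/", "style/")

# Minimal Common Log Format matcher: client IP, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_bypass_target(target: str) -> bool:
    """True if the request target ends in ?images/, ?script/ or ?style/."""
    # Assumption: decode percent-encoding and ignore case so trivial
    # variations of the marker are still reported.
    query = unquote(urlsplit(target).query).lower()
    return query in BYPASS_MARKERS

def find_bypass_attempts(lines):
    """Return {client_ip: [(method, target, status), ...]} for suspicious requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_bypass_target(m["target"]):
            hits[m["ip"]].append((m["method"], m["target"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, hypothetical page names).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/May/2018:10:01:11 +0000] "GET /login.html HTTP/1.1" 200 812',
    '203.0.113.45 - - [02/May/2018:10:02:03 +0000] "GET /status.html?images/ HTTP/1.1" 200 4096',
    '203.0.113.45 - - [02/May/2018:10:02:09 +0000] "POST /diag.html?images/ HTTP/1.1" 200 120',
    '198.51.100.7 - - [02/May/2018:10:03:40 +0000] "GET /images/logo.png HTTP/1.1" 200 2301',
    '192.0.2.19 - - [02/May/2018:10:04:55 +0000] "GET /index.html?STYLE/ HTTP/1.1" 302 0',
    '192.0.2.19 - - [02/May/2018:10:05:02 +0000] "GET /index.html?lang=en HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, reqs in find_bypass_attempts(SAMPLE_LOG).items():
        for method, target, status in reqs:
            print(f"{ip} {method} {target} -> {status}")
```

A hit that returned status 200 for a page that normally requires login deserves the closest look, since the response suggests the device served the page without authentication.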

After checking for this vulnerability on the GPON routers of telecommunications operators in the Republic of Kazakhstan, it was found in most of them; its exploitation can lead to compromise of the entire network and to the conduct of a distributed denial-of-service attack.

The relevant information and recommendations have been sent to the telecommunications operators of the Republic of Kazakhstan.