Vulnerability: Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it’s quite simple to execute commands and retrieve their output.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with root privileges on the affected device.

Severity

critical

Verified

Unknown