CVE Tools

Description

An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.

In plain language

AI Act now

This flaw lets anyone remotely bypass the login on certain Dasan GPON home routers and take control, so a typical small business running these routers should treat it as an urgent, serious risk.

Executive summary

CVE-2018-10561 is a remote authentication bypass in Dasan GPON home router firmware where appending "?images" to authentication-required URLs allows unauthenticated attackers to access and manage the device; it is listed in CISA KEV and was added with a remediation due date in April 2022.

If affected, business impact
Full router takeoverNetwork traffic disruptionTraffic interception riskService outage for your business

What to do now

  1. Check whether your business uses a Dasan GPON home router (look for the Dasan brand/model on the router label, asset list, or ISP paperwork).
  2. If you have any Dasan GPON home routers still in service, treat them as exposed and disconnect them from the network until you can replace them.
  3. Replace the Dasan GPON home router with supported equipment provided by your ISP (or another vendor) and confirm you can log in normally.
  4. If replacing immediately isn’t possible, restrict access so the router is not reachable from the internet (e.g., ensure it is not port-forwarded and is behind a properly configured firewall/VPN).
  5. Document the change, and keep an eye on device/access logs for unusual requests to URLs that might resemble authenticated pages followed by "?images".
Some work to apply

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:HA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

and 1 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability
Added to KEV:Mar 31, 2022
Remediation due:Apr 21, 2022

Required action: The impacted product is end-of-life and should be disconnected if still in use.

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details
Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

2 techniques
Initial Access
View detailed technique mapping

References

and 3 more references View all →
2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2018-10561 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows