mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-21 17:16:51 +02:00
0xMarcio
2.0 KiB
2.0 KiB
CVE-2018-10562
Description
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
POC
Reference
Github
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/sectool
- https://github.com/649/Pingpon-Exploit
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ATpiu/CVE-2018-10562
- https://github.com/Charlemagne-ai/aws-tpot-honeypot
- https://github.com/Choudai/GPON-LOADER
- https://github.com/ExiaHan/GPON
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Truongnn92/GPON
- https://github.com/c0ld1/GPON_RCE
- https://github.com/duggytuxy/malicious_ip_addresses
- https://github.com/ethicalhackeragnidhra/GPON
- https://github.com/f3d0x0/GPON
- https://github.com/lnick2023/nicenice
- https://github.com/manyunya/GPON
- https://github.com/mr-won/backdoor.mirai.helloworld
- https://github.com/nixawk/labs
- https://github.com/oneplus-x/MS17-010
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/tpdlshdmlrkfmcla/backdoor.mirai.helloworld
- https://github.com/user20252228/backdoor.mirai.helloworld
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xuguowong/Mirai-MAL