Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack

Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control. From a report: Attacks started yesterday, Thursday, May 3, according to Netlab, the network security division of Chinese cyber-security vendor Qihoo 360. Exploitation of these two flaws started after on Monday, April 30, an anonymous researcher published details of the two vulnerabilities via the VPNMentor blog. His findings detail two flaws -- an authentication bypass (CVE-2018-10561) and a remote code execution vulnerability (CVE-2018-10562). The most ludicrous of these two flaws is the first, which basically allows anyone to access the router's internal settings by appending the "?images" string to any URL, effectively giving anyone control over the router's configuration.

Re: Hey Laser Lips

Begone, vile degenerated Trump Eunuch!

Flaws?

[tomhath]

The most ludicrous of these two flaws is the first, which basically allows anyone to access the router's internal settings by appending the "?images" string to any URL, effectively giving anyone control over the router's configuration.

Sounds more like a backdoor

Re:Flaws?

[arglebargle_xiv]

It depends. If it's a US product then it's most likely a backdoor, if it's made in Asia, particularly China, it's standard programming practice.

That's not snark, it really is, security is just a zero-priority thing for products from there. And when you find the vulns there's close to zero chance of ever getting them fixed.

It's a Chinese router

It's a Chinese router, enough said.

Re:It's a Chinese router

[olsmeister]

It's a South Korean company, although the routers are probably built in China.

HIllary lost

And you are also a loser.

No

Its apparently South Korean. That is even worse.

Re:No

Wouldn't North Korea be even worse?

Really ?

Sounds like Very Sloppy Coding.

If you had to implement a backdoor, wouldn't you want to conceal it a bit better ???

Re:Really ?

[DontBeAMoran]

Instead of using "?images" I would use "?notabackdoor".

Why ?

Because they do not suck US cock ?

Apparently their cyber capabilities are top class. It was reported they broke into a rather central system of the south korean defence ministry.

All we hear from South Korea is super crappy IT security. I guess they drink too much Coke and eat too much burgers with dangerous fats.

Vulnerabilities are under attack?

[llamalad]

What?

Should rename it...

the StraPON router... because using it means your about to get fucked.

Re:Should rename it...

...in the back door!

Re: offensive article

Actually, the sexism is built into English grammar. In English, the impersonal pronoun is the same as the male pronoun.

Re: offensive article

[tomhath]

An SJW can't make that distinction. If it doesn't adhere to his definition of correct, it's disgusting ;^)

Botnet herders

[fustakrakich]

Oh give me LAN, lots of LAN...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: offensive article

[green1]

While true, there is growing support for the gender neutral singular "They" pronoun, in fact, it's already well established.

That said, using male pronouns in this case is also perfectly acceptable in English, and many style guides still insist on it.

Affects Mexic, Kazakhstan, and Vietnam

As long as it isn't Comcast, CenturyLink, or Cox we're all good here in the U.S. Um, to everyone affected, have fun!

Re:offensive article

Shut up cocksucker unless you have something useful to add. Otherwise kill yourself. Now.

Re: offensive article

That is stupid. One does not simply conflate the singular with the plural.

Re: offensive article

[green1]

To be modded funny? Or oblivious?