Short Name |
HTTP:MISC:GPON-ROUTER-AUTH-BY |
---|---|
Severity |
Major |
Recommended |
No |
Category |
HTTP |
Keywords |
GPON Routers Authentication Bypass |
Release Date |
2020/02/13 |
Update Number |
3255 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against GPON Routers. A successful attack can lead to Authentication Bypass.
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.