GPON routers – new elements of your botnet attacks?

People can never rest. We thought that after the last serious Drupal vulnerability we could finally rest, but a new threat has come up, this time involving GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is used to provide short-haul fiber connections for cellular base stations, home access points, and DAS. The primary regions with GPON devices include Vietnam, Mexico, and Kazakhstan.

Top countries    Number of devices
Mexico           492,080
Kazakhstan       374,473
Vietnam          146,115

               

There are two flaws at the moment:

The first one (CVE-2018-10561) allows anyone (possibly attackers) to remotely bypass the router's authentication by simply adding the string "?images/" to the end of the URL.

The second one (CVE-2018-10562) gives the attacker the ability to execute code remotely on the compromised device.
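A defensive check for the first flaw, added here as an example (it is not code from the original post or from BitNinja): it scans access logs for request targets ending in "?images/" and reports, per source address, how many attempts were made and whether any of them received a 2xx response. The Common Log Format input, the sample lines and the paths in them are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Marker described in the article for CVE-2018-10561.
BYPASS_SUFFIX = "?images/"

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_bypass_attempt(target: str) -> bool:
    """True when the (percent-decoded) request target ends with '?images/'."""
    return unquote(target).endswith(BYPASS_SUFFIX)

def scan(lines):
    """Group bypass attempts by source; note paths hit and any 2xx answer."""
    hits = defaultdict(lambda: {"attempts": 0, "paths": set(), "succeeded": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_bypass_attempt(m["target"]):
            continue
        entry = hits[m["src"]]
        entry["attempts"] += 1
        entry["paths"].add(urlsplit(m["target"]).path)
        # A 2xx reply to a marked request means the device served the page
        # without asking for credentials: treat it as exposed.
        if m["status"].startswith("2"):
            entry["succeeded"] = True
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/May/2018:10:01:02 +0000] "GET /admin/status HTTP/1.1" 401 0',
    '192.0.2.10 - - [05/May/2018:10:01:03 +0000] "GET /admin/status?images/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [05/May/2018:10:01:04 +0000] "POST /admin/config?images%2F HTTP/1.1" 200 310',
    '198.51.100.7 - - [05/May/2018:10:02:00 +0000] "GET /images/logo.png HTTP/1.1" 200 2048',
    '203.0.113.5 - - [05/May/2018:10:03:00 +0000] "GET /admin/status?images/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for src, info in sorted(scan(SAMPLE_LOG).items()):
        state = "SERVED WITHOUT AUTH" if info["succeeded"] else "blocked"
        print(f"{src}: {info['attempts']} attempt(s) on {sorted(info['paths'])} -> {state}")
```

Sources flagged as served without authentication point to devices that should be taken off the public Internet or placed behind a filter that drops such requests.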

Cybercriminals have already started exploiting these vulnerabilities, so BitNinja is a must-have on your server in order to protect yourself.

Unfortunately, the patch from Dasan is not even in development, as they have not shared any information. Almost a million vulnerable GPON routers are still exposed on the Internet.