📄 Description (English)
Dasan GPON Routers Authentication Bypass Vulnerability — Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
🤖 AI Executive Summary
CVE-2018-10561 is a critical authentication bypass vulnerability in Dasan GPON routers that allows attackers to bypass authentication mechanisms by appending '?images/' to any URL. When chained with CVE-2018-10562 (command injection), it enables full remote code execution on affected devices. This vulnerability has been actively exploited in the wild by multiple botnets including Mirai variants, and exploit code is publicly available. Given the widespread deployment of GPON routers in ISP infrastructure, this poses a severe risk to network perimeter security.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 9, 2026 23:35
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecom operators (STC, Mobily, Zain) and ISPs that may deploy GPON routers in their fiber-to-the-home (FTTH) infrastructure. Saudi Arabia's massive FTTH expansion under Vision 2030 increases the potential attack surface. Compromised GPON routers can be weaponized into botnets for DDoS attacks against critical Saudi infrastructure including ARAMCO, government portals, and banking systems regulated by SAMA. Small and medium enterprises relying on ISP-provided GPON equipment are particularly vulnerable. Energy sector facilities in remote locations using GPON connectivity could face unauthorized network access.
🏢 Affected Saudi Sectors
Telecom
Government
Energy
Banking
Healthcare
Education
Small and Medium Enterprises
⚖️ Saudi Risk Score (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all Dasan GPON routers in your network inventory using asset discovery tools
2. Block external access to GPON router management interfaces (ports 80/443) using firewall rules
3. Apply vendor firmware patches if available from Dasan Networks
Compensating Controls:
4. Place all GPON router management interfaces behind VPN or jump hosts
5. Implement network segmentation to isolate GPON devices from critical infrastructure
6. Deploy IDS/IPS rules to detect exploitation attempts — look for HTTP requests containing '?images/' appended to management URLs
7. Monitor for indicators of compromise including unexpected outbound connections from GPON devices
8. Consider replacing end-of-life Dasan GPON equipment with supported alternatives
Detection Rules:
9. Snort/Suricata rule: alert http any any -> $HOME_NET any (msg:"GPON Auth Bypass Attempt"; content:"?images/"; http_uri; sid:1000001;)
10. Monitor for Mirai botnet indicators on network segments with GPON devices
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة توجيه Dasan GPON في جرد أصول الشبكة باستخدام أدوات اكتشاف الأصول
2. حظر الوصول الخارجي إلى واجهات إدارة أجهزة توجيه GPON (المنافذ 80/443) باستخدام قواعد جدار الحماية
3. تطبيق تحديثات البرامج الثابتة من الشركة المصنعة Dasan Networks إن توفرت
الضوابط التعويضية:
4. وضع جميع واجهات إدارة أجهزة توجيه GPON خلف VPN أو خوادم القفز
5. تنفيذ تجزئة الشبكة لعزل أجهزة GPON عن البنية التحتية الحرجة
6. نشر قواعد IDS/IPS للكشف عن محاولات الاستغلال — البحث عن طلبات HTTP التي تحتوي على '?images/' ملحقة بعناوين URL الإدارية
7. مراقبة مؤشرات الاختراق بما في ذلك الاتصالات الصادرة غير المتوقعة من أجهزة GPON
8. النظر في استبدال أجهزة Dasan GPON المنتهية الدعم ببدائل مدعومة
قواعد الكشف:
9. قاعدة Snort/Suricata: للكشف عن محاولات تجاوز مصادقة GPON
10. مراقبة مؤشرات شبكة بوت نت Mirai على قطاعات الشبكة التي تحتوي على أجهزة GPON
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-2:3-1 (Asset Management)
ECC-2:5-1 (Network Security)
ECC-2:5-2 (Access Control)
ECC-2:6-1 (Vulnerability Management)
ECC-2:7-1 (Incident Management)
🔵 SAMA CSF
3.3.3 (Network Security Management)
3.3.4 (Access Control)
3.3.7 (Vulnerability Management)
3.3.11 (Cyber Security Event Management)
🟡 ISO 27001:2022
A.8.9 (Configuration Management)
A.8.20 (Network Security)
A.8.8 (Management of Technical Vulnerabilities)
A.8.23 (Web Filtering)
🟣 PCI DSS v4.0
PCI DSS 6.3.3 (Patching Security Vulnerabilities)
PCI DSS 1.3 (Network Access Controls)
PCI DSS 11.3 (Penetration Testing)
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
Dasan:Gigabit Passive Optical Network (GPON) Routers