📄 Description (English)
Dasan GPON Routers Command Injection Vulnerability — Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
🤖 AI Executive Summary
CVE-2018-10562 is a critical command injection vulnerability in Dasan GPON routers that, when combined with the authentication bypass in CVE-2018-10561, allows unauthenticated remote code execution. This vulnerability has been actively exploited in the wild by multiple botnets including Mirai variants and has known public exploits readily available. The CVSS score of 9.0 reflects the severity, as attackers can gain full control of affected routers without any credentials. Organizations using Dasan GPON home routers or ISPs deploying these devices to customers face immediate risk of compromise.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 9, 2026 23:35
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses significant risk to Saudi telecom providers (STC, Mobily, Zain) and ISPs that may have deployed Dasan GPON routers in their customer premises equipment (CPE) infrastructure. Compromised routers can be weaponized into botnets for DDoS attacks against Saudi critical infrastructure including banking (SAMA-regulated entities), government networks (NCA-protected assets), and energy sector systems (ARAMCO, SEC). Small and medium businesses across Saudi Arabia using these routers are particularly vulnerable as they may lack visibility into CPE firmware versions. The active exploitation by botnets makes this a direct threat to Saudi internet infrastructure stability.
🏢 Affected Saudi Sectors
Telecom
Government
Banking
Energy
Healthcare
Education
Small and Medium Businesses
⚖️ Saudi Risk Score (AI)
8.5
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all Dasan GPON routers in your network inventory immediately
2. Block external access to router management interfaces (ports 80/443) using upstream ACLs or firewall rules
3. Apply vendor firmware patches if available from Dasan Networks
Compensating Controls:
1. Place GPON routers behind a properly configured firewall that blocks inbound management traffic
2. Implement network segmentation to isolate CPE devices from critical infrastructure
3. If no patch is available, consider replacing Dasan GPON routers with alternative vendor equipment
4. Disable remote management features on all affected devices
Detection Rules:
1. Monitor for HTTP requests containing '/GponForm/diag_Form' with command injection patterns
2. Deploy IDS/IPS signatures for CVE-2018-10562 (Snort/Suricata rules available)
3. Monitor for unusual outbound traffic from GPON router IP ranges indicating botnet activity
4. Check for indicators of Mirai botnet variants on network segments with these devices
5. Audit router configurations for unauthorized changes or backdoor accounts
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة توجيه Dasan GPON في شبكتك فوراً
2. حظر الوصول الخارجي إلى واجهات إدارة الراوتر (المنافذ 80/443) باستخدام قوائم التحكم في الوصول أو قواعد جدار الحماية
3. تطبيق تحديثات البرامج الثابتة من شركة Dasan Networks إن توفرت
الضوابط التعويضية:
1. وضع أجهزة GPON خلف جدار حماية مُعد بشكل صحيح يحظر حركة الإدارة الواردة
2. تنفيذ تجزئة الشبكة لعزل أجهزة CPE عن البنية التحتية الحرجة
3. في حالة عدم توفر تصحيح، النظر في استبدال أجهزة Dasan GPON بمعدات من مورد بديل
4. تعطيل ميزات الإدارة عن بُعد على جميع الأجهزة المتأثرة
قواعد الكشف:
1. مراقبة طلبات HTTP التي تحتوي على '/GponForm/diag_Form' مع أنماط حقن الأوامر
2. نشر توقيعات IDS/IPS لـ CVE-2018-10562
3. مراقبة حركة المرور الصادرة غير العادية من نطاقات IP لأجهزة GPON التي تشير إلى نشاط بوت نت
4. التحقق من مؤشرات متغيرات بوت نت Mirai على قطاعات الشبكة التي تحتوي على هذه الأجهزة
5. تدقيق تكوينات الراوتر للتغييرات غير المصرح بها أو الحسابات الخلفية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC-2:3-1 (Asset Management)
ECC-2:5-1 (Network Security)
ECC-2:5-2 (Network Security Monitoring)
ECC-2:4-3 (Vulnerability Management)
ECC-2:6-1 (Incident Management)
🔵 SAMA CSF
3.3.3 (Network Security Management)
3.3.4 (System Security)
3.3.7 (Vulnerability Management)
3.4.1 (Incident Detection)
3.3.5 (Internet Security)
🟡 ISO 27001:2022
A.8.9 (Configuration Management)
A.8.8 (Management of Technical Vulnerabilities)
A.8.20 (Networks Security)
A.8.21 (Security of Network Services)
A.8.16 (Monitoring Activities)
🟣 PCI DSS v4.0
Requirement 6.3.3 (Patching Security Vulnerabilities)
Requirement 1.2.1 (Network Security Controls)
Requirement 11.3 (Vulnerability Scanning)
🔗 References & Sources 0
No references.
📦 Affected Products / CPE 1 entries
Dasan:Gigabit Passive Optical Network (GPON) Routers