f3d0x0/GPON f3d0x0/GPON

  • Stars
    star
    209
  • Rank 188,325 (Top 4 %)
  • Language
    Python
  • Created over 6 years ago
  • Updated over 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
f3d0x0/GPON
github

f3d0x0

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) written in Python. Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.

RCE on GPON home routers (CVE-2018-10561)

Press

The Hacker News - 1

The Hacker News - 2

KitPloit

Security Affairs

Vulnerability

Many routers today use GPON internet, and a way to bypass all authentication on the devices (CVE-2018-10561) was found by VPNMentor. With this authentication bypass, it's also possible to unveil another command injection vulnerability (CVE-2018-10562) and execute commands on the device.

At the time it was written almost ONE MILLION of these devices are exposed to the Internet, according to Shodan.

Dependencies required

requests

urllib2

Tested on

Kali Linux

Ubuntu 17.10 Server

Usage

python gpon_rce.py TARGET_URL COMMAND

e.g.

python gpon_rce.py http://192.168.1.15 'id'

Screenshots

More Repositories

1

f3d0x0.github.io

HTML
1
star