Wednesday, December 6, 2023

RCE Vulnerability Over 1 Million Fiber Router Allows Attacker to Bypass all Authentication in Entire Network

By Balaji

Update: Now VPN Mentor has been released a user-friendly patch for affected users who can provide their WebUI URL of the router and run the script that will perform further patch operation.

Critical Remote code execution vulnerability discovered in Fiber based GPON home router allows attack could compromise the entire network and bypass all authentication.

GPON is one of the widely used internet and the highest speed, longest life, lowest cost network infrastructure available in the market. Offering a genuine future‐proof access network with flexibility and upgrade capability well into the future.

This vulnerability can be exploited by just modifying the URL in the browser’s address bar and this bug allows let anyone bypass the router’s login page.

There is 2 critical vulnerability involved in this flaw and those combined 2 (CVE-2018-10561 & CVE-2018-10562) vulnerabilities allow attacker could take over and gain complete control the device and the network.

  • CVE-2018-10561 –a way to bypass all authentication on the devices
  • (CVE-2018-10562- command injection vulnerability to execute commands on the device

Mainly this flaw exploits the authentication mechanism using first vulnerability which leads to attack bypass all the authentication.

Bypass Router Using Simple Trick

Primary flaw found in HTTP servers that usually check the specific path when performing the authentication process which allows bypassing authentication on any endpoint system with a simple trick.

An attack can bypass the endpoint by just adding  ?images/ to the URL which works on both HTML pages and GponForm/.

/menu.html?images/
or
/GponForm/diag_FORM?images/
According to vpnmentor, While looking through the device functionalities, we noticed the diagnostic endpoint contained the ping and traceroute commands. It didn’t take much to figure out that the commands can be injected by the host parameter.
Since the router saves ping results in /tmp and transmits it to the user when the user revisits /diag.html, it’s quite simple to execute commands and retrieve their output with the authentication bypass vulnerability.

you can see the video that demonstrates the exploitation of the critical RCE flaw.

Researchers have tested many of the GPON routers and they find the same flaw in so many routers.

Also, they search in shodan to find the number GPON devices that is using in wide that show more than one million routers are actively working around the world.

Managed WAF Protection

Website

Latest articles

cyber security

Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed...
Chrome

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...
CVE/vulnerability

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...
Cyber Security News

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...
Cyber Security News

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...
CVE/vulnerability

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...
cyber security

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Register Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

[email protected]