CVE-2018-10562

Confirmed PUBLISHED

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a...

Dasan · GPON home routers
Exploited in the wild Active exploitation observed Used in malware PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
148
Unique Attacker IPs
103
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
9.8 Critical EPSS 99.9%

At a Glance

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

nuclei_scanner ransomware edge cisa malware
CVE Published
May 04, 2018
Exploitation Reported
Mar 31, 2022
CVSS
9.8 Critical
EPSS
99.9%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.