{"api_version":"1","generated_at":"2026-07-12T11:45:47+00:00","cve":"CVE-2018-10561","urls":{"html":"https://cve.report/CVE-2018-10561","api":"https://cve.report/api/cve/CVE-2018-10561.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10561","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10561"},"summary":{"title":"CVE-2018-10561","description":"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-05-04 03:29:00","updated_at":"2019-03-04 18:39:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/","name":"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/","refsource":"MISC","tags":["Exploit","Technical Description","Third Party Advisory"],"title":"Critical RCE Vulnerability Found in Over a Million GPON Home Routers","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/44576/","name":"44576","refsource":"EXPLOIT-DB","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"GPON Routers - Authentication Bypass / Command Injection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/107053","name":"107053","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10561","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10561","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10561","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dasannetworks","cpe5":"gpon_router","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10561","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"dasannetworks","cpe5":"gpon_router","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10561","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dasannetworks","cpe5":"gpon_router_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10561","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"dasannetworks","cpe5":"gpon_router_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2018","cve_id":"10561","cve":"CVE-2018-10561","vendorProject":"Dasan","product":"Gigabit Passive Optical Network (GPON) Routers","vulnerabilityName":"Dasan GPON Routers Authentication Bypass Vulnerability","dateAdded":"2022-03-31","shortDescription":"Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.","requiredAction":"The impacted product is end-of-life and should be disconnected if still in use.","dueDate":"2022-04-21","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2018-10561","cwes":"CWE-287","catalogVersion":"2026.07.10","updated_at":"2026-07-10 17:54:20"},"epss":{"cve_year":"2018","cve_id":"10561","cve":"CVE-2018-10561","epss":"0.928870000","percentile":"0.998170000","score_date":"2026-07-11","updated_at":"2026-07-12 00:00:56"},"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-10561","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"107053","refsource":"BID","url":"http://www.securityfocus.com/bid/107053"},{"name":"44576","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/44576/"},{"name":"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/","refsource":"MISC","url":"https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/"}]}},"nvd":{"publishedDate":"2018-05-04 03:29:00","lastModifiedDate":"2019-03-04 18:39:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:dasannetworks:gpon_router:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10561","Ordinal":"127000","Title":"CVE-2018-10561","CVE":"CVE-2018-10561","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10561","Ordinal":"1","NoteData":"An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10561","Ordinal":"2","NoteData":"2018-05-03","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10561","Ordinal":"3","NoteData":"2019-02-19","Type":"Other","Title":"Modified"}]}}}