cve/2018/CVE-2018-10562.md

### [CVE-2018-10562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10562)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44576/

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/20142995/sectool
- https://github.com/649/Pingpon-Exploit
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/ATpiu/CVE-2018-10562
- https://github.com/Choudai/GPON-LOADER
- https://github.com/ExiaHan/GPON
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Truongnn92/GPON
- https://github.com/c0ld1/GPON_RCE
- https://github.com/duggytuxy/malicious_ip_addresses
- https://github.com/ethicalhackeragnidhra/GPON
- https://github.com/f3d0x0/GPON
- https://github.com/lnick2023/nicenice
- https://github.com/manyunya/GPON
- https://github.com/nixawk/labs
- https://github.com/oneplus-x/MS17-010
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xuguowong/Mirai-MAL
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-10562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10562)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/44576/`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/20142995/sectool`
			`- https://github.com/649/Pingpon-Exploit`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/ARPSyndicate/kenzer-templates`
			`- https://github.com/ATpiu/CVE-2018-10562`
			`- https://github.com/Choudai/GPON-LOADER`
			`- https://github.com/ExiaHan/GPON`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/Truongnn92/GPON`
			`- https://github.com/c0ld1/GPON_RCE`
			`- https://github.com/duggytuxy/malicious_ip_addresses`
			`- https://github.com/ethicalhackeragnidhra/GPON`
			`- https://github.com/f3d0x0/GPON`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/manyunya/GPON`
			`- https://github.com/nixawk/labs`
			`- https://github.com/oneplus-x/MS17-010`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/xuguowong/Mirai-MAL`