Login Sign Up

CVE-2018-10561

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This CVE describes an authentication bypass vulnerability in Dasan GPON home routers where attackers can access administrative interfaces by appending '?images' to URLs. This allows unauthorized management of affected routers, potentially impacting all users of vulnerable Dasan GPON router models.

💻 Affected Systems

Products:
  • Dasan GPON home routers
Versions: All versions prior to patched firmware
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects routers with web management interface enabled (default configuration).

📦 What is this software?

Gpon Router Firmware by Dasannetworks

View all CVEs affecting Gpon Router Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router takeover allowing traffic interception, malware injection, network compromise, and persistent backdoor installation.

🟠

Likely Case

Unauthorized configuration changes, DNS hijacking, credential theft, and network monitoring.

🟢

If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation with publicly available exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates

Vendor Advisory: No official vendor advisory found in provided references

Restart Required: Yes

Instructions:

1. Check Dasan website for firmware updates. 2. Download latest firmware. 3. Upload via router admin interface. 4. Reboot router.

🔧 Temporary Workarounds

Disable remote management

all

Disable web management interface from WAN/Internet-facing interfaces

Network segmentation

all

Place routers in isolated network segments with strict firewall rules

🧯 If You Can't Patch

  • Implement strict network access controls to limit router management interface exposure
  • Monitor for unusual authentication attempts and configuration changes

🔍 How to Verify

Check if Vulnerable:

Attempt to access router admin page with ?images appended (e.g., http://router-ip/menu.html?images)

Check Version:

Check router web interface or use vendor-specific CLI commands

Verify Fix Applied:

Verify the same URL manipulation no longer grants access without authentication

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '?images' in URL
  • Unauthorized access to admin pages
  • Configuration changes from unexpected IPs

Network Indicators:

  • HTTP traffic to router management interface with ?images parameter
  • Unusual outbound connections from router

SIEM Query:

http.url:*?images* AND (http.status:200 OR http.status:302) AND destination.ip:router_ip

📊 Metadata

CVE ID: CVE-2018-10561
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: May 4, 2018
Last Updated: November 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2018-10561, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2019-1867 10.0

This vulnerability allows unauthenticated remote attackers to bypass authentication on Cisco Elastic...

Same vulnerability type (CWE-287)