CVE-2019-13412

9.3 CRITICAL

📋 TL;DR

This vulnerability in HiNet GPON firmware allows unauthenticated remote attackers to read arbitrary files on affected devices by sending specific commands to a service on port 3097. It affects HiNet GPON routers with firmware versions before I040GWR190731. The high CVSS score reflects the combination of network accessibility, no authentication requirement, and ability to read sensitive files.

💻 Affected Systems

Products:
  • HiNet GPON routers
Versions: All firmware versions before I040GWR190731
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable service runs on port 3097 by default in affected firmware versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files, credentials, or system files, potentially leading to complete device compromise, credential theft, and lateral movement into connected networks.

🟠 Likely Case

Attackers scanning for vulnerable devices would read configuration files to extract credentials, network settings, and other sensitive information for further attacks.

🟢 If Mitigated

With network segmentation and firewall rules blocking port 3097 from untrusted networks, exposure is limited to internal threats.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending specific commands to port 3097 without authentication. Public references include technical details that could be used to create exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: I040GWR190731 or later

Vendor Advisory: https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html

Restart Required: Yes

Instructions:

1. Check current firmware version.
2. Download firmware version I040GWR190731 or later from vendor.
3. Upload and apply firmware update through device management interface.
4. Reboot device to complete installation.

🔧 Temporary Workarounds

Block port 3097 at firewall

linux

Prevent external access to the vulnerable service by blocking TCP port 3097 at network perimeter firewalls.

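# Run on the Linux firewall in front of the device: FORWARD matches routed traffic (INPUT only matches traffic addressed to the firewall itself); -I places the rule ahead of existing ACCEPT rules
iptables -I FORWARD -p tcp --dport 3097 -j DROP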

Network segmentation

all

Isolate GPON devices in separate network segments with restricted access to management interfaces.

🧯 If You Can't Patch

  • Implement strict firewall rules to block all inbound traffic to port 3097 from untrusted networks
  • Monitor network traffic to port 3097 for suspicious activity and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check if device responds to specific commands on port 3097 that request file reads, or check firmware version against vulnerable range.

Check Version:

Check through device web interface or console: typically in System > Firmware or similar menu

Verify Fix Applied:

Verify firmware version is I040GWR190731 or later through device management interface, and test that file read commands on port 3097 no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual connections to port 3097
  • Multiple file access attempts from single source

Network Indicators:

  • Traffic to port 3097 from external IPs
  • Specific command patterns in payloads to port 3097

SIEM Query:

destination_port=3097 AND (payload_contains="file_read" OR payload_contains="../")
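
The log and network indicators above, applied to firewall logs: this is an added example, not part of the advisory or any vendor tooling. It assumes iptables LOG-format lines; the trusted ranges, function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

VULN_PORT = 3097  # TCP port of the vulnerable service, per the advisory
# Assumption: the site's trusted ranges; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Fields as written by the iptables LOG target; only TCP lines match.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+).*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Aug  1 10:00:01 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=3097 SYN
Aug  1 10:00:02 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=3097 SYN
Aug  1 10:00:03 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TTL=52 PROTO=TCP SPT=40114 DPT=3097 SYN
Aug  1 10:01:10 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.20 DST=192.168.1.1 LEN=60 TTL=49 PROTO=TCP SPT=51200 DPT=3097 SYN
Aug  1 10:02:00 fw kernel: IN=eth1 OUT=eth1 SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TTL=64 PROTO=TCP SPT=33000 DPT=3097 SYN
Aug  1 10:03:00 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.1 LEN=60 TTL=52 PROTO=TCP SPT=40200 DPT=443 SYN
Aug  1 10:04:00 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.99 DST=192.168.1.1 LEN=48 TTL=50 PROTO=UDP SPT=5000 DPT=3097 LEN=28
"""


def is_internal(addr):
    """True if addr falls inside one of the configured trusted ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_port_3097_sources(log_text, repeat_threshold=3):
    """Return (external, repeated) for TCP connections to VULN_PORT.

    external: {source: hits} for sources outside INTERNAL_NETS.
    repeated: sorted sources (internal or not) with hits >= repeat_threshold.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and int(m.group("dpt")) == VULN_PORT:
            hits[m.group("src")] += 1
    external = {s: n for s, n in hits.items() if not is_internal(s)}
    repeated = sorted(s for s, n in hits.items() if n >= repeat_threshold)
    return external, repeated


if __name__ == "__main__":
    ext, rep = find_port_3097_sources(SAMPLE_LOG)
    print("external sources:", ext)
    print("repeated sources:", rep)
```

The script only sees traffic that a LOG rule records, so a matching `-j LOG` rule for TCP port 3097 has to sit ahead of the DROP rule.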
