CVE-2025-29524
📋 TL;DR
This vulnerability allows attackers to bypass access controls on DASAN GPON ONU H660WM devices, exposing sensitive system information through the /cgi-bin/system_diagnostic_main.asp endpoint. Attackers can retrieve diagnostic data without proper authentication. This affects organizations using these specific GPON ONU devices.
💻 Affected Systems
- DASAN GPON ONU H660WM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full access to device configuration, credentials, network topology, and can pivot to internal networks, potentially leading to complete network compromise.
Likely Case
Unauthenticated attackers access sensitive diagnostic information including system logs, configuration details, and network settings that could facilitate further attacks.
If Mitigated
With proper network segmentation and access controls, impact is limited to information disclosure from the specific device only.
🎯 Exploit Status
Exploitation requires network access to the device's web interface. No authentication needed to access the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: UNKNOWN
Vendor Advisory: NOT AVAILABLE
Restart Required: No
Instructions:
Check with DASAN Networks for firmware updates. No official patch information available at this time.
🔧 Temporary Workarounds
Network Segmentation
Isolate GPON ONU devices from untrusted networks and restrict access to management interfaces.
Configure firewall rules to block external access to port 80/443 on ONU devices
Implement VLAN segmentation for management traffic
Access Control Lists
Restrict access to the web management interface to authorized IP addresses only.
# Allow the management ports (80/443) only from the trusted host; TRUSTED_IP is a placeholder
iptables -A INPUT -p tcp -m multiport --dports 80,443 -s TRUSTED_IP -j ACCEPT
# Drop every other source; the DROP rule must be appended after the ACCEPT rule
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP
🧯 If You Can't Patch
- Disable remote management interface if not required
- Implement network monitoring for unauthorized access attempts to the diagnostic endpoint
🔍 How to Verify
Check if Vulnerable:
Attempt to access http://[device_ip]/cgi-bin/system_diagnostic_main.asp without authentication. If diagnostic information is returned, the device is vulnerable.
Check Version:
Check device web interface or console for firmware version information
Verify Fix Applied:
After applying workarounds, verify that access to the diagnostic endpoint is properly restricted and requires authentication.
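The following is an added example, not part of the advisory and not DASAN's code, that automates the "Check if Vulnerable" and "Verify Fix Applied" steps above: it performs the unauthenticated GET the advisory describes and classifies the answer as restricted, exposed or unknown. The LOGIN_MARKERS strings are an assumption about what the device's login page or redirect looks like; adjust them to what your firmware actually returns. The endpoint path is the one named in the advisory.

```python
"""Post-mitigation check for the H660WM diagnostic endpoint.

Added example (not from the advisory). Sends the unauthenticated GET the
advisory's verification step describes and classifies the response.
"""
import urllib.error
import urllib.request

ENDPOINT = "/cgi-bin/system_diagnostic_main.asp"
# Assumed markers of a login page or login redirect; tune to the real device.
LOGIN_MARKERS = ("login", "password")


def classify(status, headers, body):
    """Map an HTTP response to 'restricted', 'exposed' or 'unknown'.

    restricted: the device refused or redirected to a login page
    exposed:    the endpoint answered 200 with non-login content, i.e. the
                workaround has not taken effect
    unknown:    anything else (e.g. 5xx), needs a manual look
    """
    if status in (401, 403):
        return "restricted"
    if 300 <= status < 400:
        location = (headers.get("Location") or "").lower()
        if any(m in location for m in LOGIN_MARKERS):
            return "restricted"
        return "unknown"
    if status == 200:
        text = body.lower()
        # A 200 that is actually the login form still counts as restricted.
        if "<form" in text and any(m in text for m in LOGIN_MARKERS):
            return "restricted"
        return "exposed"
    return "unknown"


def check(device_ip, timeout=5):
    """Fetch the endpoint without credentials and classify the result."""
    req = urllib.request.Request(f"http://{device_ip}{ENDPOINT}")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return classify(resp.status, resp.headers, body)
    except urllib.error.HTTPError as err:
        # 401/403/3xx arrive here; classify them the same way.
        body = err.read().decode("utf-8", errors="replace")
        return classify(err.code, err.headers, body)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "[device_ip]"
    print(f"{target}: {check(target)}")
```

Run it against the device's management address after applying a workaround; any result other than "restricted" means the endpoint is still reachable without authentication and the firewall or ACL rules need another look.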
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to /cgi-bin/system_diagnostic_main.asp
- Multiple failed authentication attempts followed by diagnostic access
Network Indicators:
- HTTP GET requests to /cgi-bin/system_diagnostic_main.asp from unauthorized sources
- Unusual traffic patterns to ONU management interfaces
SIEM Query:
source="*" AND (url="/cgi-bin/system_diagnostic_main.asp" OR uri="/cgi-bin/system_diagnostic_main.asp")
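As an added example (not part of the advisory), the detection logic from the Log Indicators above run over constructed web-access-log lines: it flags any 200 response on the diagnostic endpoint with no authenticated user, any access from a source outside an allow-list, and the "failed logins followed by diagnostic access" pattern. It assumes the ONU, or a proxy in front of it, writes Common Log Format lines with the authenticated user in the authuser field ("-" when absent); the sample lines and the threshold value are constructed for illustration.

```python
"""Detection over access-log lines for the H660WM diagnostic endpoint.

Added example (not from the advisory). Log format, sample lines and the
threshold are assumptions made for the example.
"""
import re
from collections import defaultdict

ENDPOINT = "/cgi-bin/system_diagnostic_main.asp"
FAILED_AUTH_THRESHOLD = 3  # assumed tuning value

# Common Log Format: host ident authuser [time] "method path proto" status bytes
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log; not real device output.
SAMPLE_LOG = """\
10.0.0.5 - admin [01/Jan/2025:10:00:00 +0000] "GET /cgi-bin/system_diagnostic_main.asp HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2025:10:01:00 +0000] "GET /cgi-bin/system_diagnostic_main.asp HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2025:10:02:00 +0000] "POST /cgi-bin/login.asp HTTP/1.1" 401 0
203.0.113.9 - - [01/Jan/2025:10:02:05 +0000] "POST /cgi-bin/login.asp HTTP/1.1" 401 0
203.0.113.9 - - [01/Jan/2025:10:02:10 +0000] "POST /cgi-bin/login.asp HTTP/1.1" 401 0
203.0.113.9 - - [01/Jan/2025:10:02:15 +0000] "GET /cgi-bin/system_diagnostic_main.asp?x=1 HTTP/1.1" 200 5120
10.0.0.5 - admin [01/Jan/2025:10:03:00 +0000] "GET /index.asp HTTP/1.1" 200 800
"""


def parse(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string
    return rec


def analyze(log_text, trusted_sources=()):
    """Return findings as (indicator, source_ip, line_number) tuples."""
    findings = []
    failed_logins = defaultdict(int)  # per-source count of 401 responses
    for line_no, line in enumerate(log_text.splitlines(), 1):
        rec = parse(line)
        if rec is None:
            continue
        if rec["status"] == 401:
            failed_logins[rec["src"]] += 1
            continue
        if rec["path"] != ENDPOINT:
            continue
        # Indicator 1: diagnostic data served with no authenticated user.
        if rec["user"] == "-" and rec["status"] == 200:
            findings.append(("unauthenticated_diag_access", rec["src"], line_no))
        # Indicator 2: request from outside the management allow-list.
        if rec["src"] not in trusted_sources:
            findings.append(("diag_access_from_untrusted_source", rec["src"], line_no))
        # Indicator 3: repeated failed logins, then the endpoint answers.
        if failed_logins[rec["src"]] >= FAILED_AUTH_THRESHOLD:
            findings.append(("diag_access_after_failed_logins", rec["src"], line_no))
            failed_logins[rec["src"]] = 0
    return findings


if __name__ == "__main__":
    for indicator, src, n in analyze(SAMPLE_LOG, trusted_sources=("10.0.0.5",)):
        print(f"line {n}: {indicator} from {src}")
```

On the sample log this reports the two untrusted hosts and nothing for the admin session from 10.0.0.5; feed it the device's or proxy's real access log and the management allow-list you configured in the ACL workaround.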