CVE-2020-23583
OPTILINK E-PON "MODEL NO: OP-XT71000N" with "HARDWARE VERSION: V2.2" and "FIRMWARE VERSION: OP_V3.3.1-191028"
REMOTE CODE EXECUTION was found in "OPTILINK OP-XT71000N". The issue occurs when an attacker sends arbitrary commands to the "PingTest" interface on "/diag_ping_admin.asp", which leads to COMMAND EXECUTION. An attacker who successfully triggers the command can compromise the full system.
TARGET
/diag_ping_admin.asp
Attack Vector
Arbitrary commands are passed along with the IP-ADDRESS, using " | ", and are then executed.
REGARDS
Huzaifa Hussain