CVE-2020-23584
Affected product: OPTILINK E-PON, Model No: OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028
Unauthenticated remote code execution on OPTILINK OP-XT71000N, Hardware Version: V2.2. The "PingTest" parameter of /diag_tracert_admin.asp accepts an IP address followed by " | " and arbitrary commands, and the appended commands are executed on the device.
TARGET
/diag_tracert_admin.asp
Attack Vector
Pass arbitrary commands after the IP address, separated by " | ", to execute them.
REGARDS
Huzaifa Hussain
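A server-side check that closes this class of bug, shown as an added example; it is not code from the advisory or from the OPTILINK firmware. It assumes the diagnostic handler is written in C and launches traceroute itself; the function names and the `-n` invocation are hypothetical choices for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define MAX_TARGET_LEN 45   /* longest textual IPv6 address */

/* Returns 1 only when s is exactly one IPv4 or IPv6 literal.
 * inet_pton() rejects spaces, '|', ';', '&', '$', backticks and any other
 * byte that is not part of an address, so no blocklist has to be kept. */
int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (s == NULL || s[0] == '\0' || strlen(s) > MAX_TARGET_LEN)
        return 0;
    return inet_pton(AF_INET, s, buf) == 1 ||
           inet_pton(AF_INET6, s, buf) == 1;
}

/* Builds an argv[] for execv(); returns 0 on success, -1 if rejected.
 * The target travels as a single argv element, so no shell ever parses
 * it (the opposite of building a string for system() or popen()). */
int build_traceroute_argv(const char *target, const char *argv[4])
{
    if (!is_ip_literal(target))
        return -1;
    argv[0] = "traceroute";   /* assumed binary name on the device */
    argv[1] = "-n";           /* numeric output, no reverse DNS lookups */
    argv[2] = target;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample values for the "PingTest" parameter. */
    const char *samples[] = { "192.0.2.1", "2001:db8::1",
                              "192.0.2.1 | echo constructed", "" };
    const char *argv[4];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-32s %s\n", samples[i],
               build_traceroute_argv(samples[i], argv) == 0 ? "accept" : "reject");
    return 0;
}
```

Validation alone does not address the missing authentication on /diag_tracert_admin.asp; the page should also require a logged-in administrator session.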