forked from ExiaHan/GPON

Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562). Initially disclosed by VPNMentor (https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/), kudos for their work.

samyoyo/GPON

 
 

RCE on GPON home routers (CVE-2018-10561)

Vulnerability

Many home routers today provide Internet access over GPON, and VPNMentor found a way to bypass all authentication on these devices (CVE-2018-10561). With this authentication bypass, it is also possible to reach a second vulnerability, a command injection (CVE-2018-10562), and execute commands on the device.

At the time of writing, almost ONE MILLION of these devices were exposed to the Internet, according to Shodan.

Dependencies required

requests

urllib2

Tested on

Kali Linux

Ubuntu 17.10 Server

Usage

python gpon_rce.py TARGET_URL COMMAND

e.g.

python gpon_rce.py http://192.168.1.15 'id'
