Fiber Routers Vulnerable to Authentication Bug, Command Injection Via URL Change

Security researchers discovered a remote code execution (RCE) vulnerability in more than a million gigabit passive optical network (GPON) home routers. The vulnerability easily lets an attacker bypass the login authentication page by modifying the URL in the browser's address bar, allowing almost complete access to the router. According to Shodan, the search engine used to find connected devices around the world, half of the vulnerable routers are located in Mexico, while the remaining half is in Kazakhstan and Vietnam.

[Read: Routers under attack: Current security flaws and how to fix them]

Researchers conducted a comprehensive assessment of the routers manufactured by Dasan Networks and found that CVE-2018-10561 allows anyone to skip the authentication pages by adding “?images/” to the end of any of the router’s configuration pages’ web address. The flaw also allowed the researchers to exploit a command injection vulnerability, remotely executing other commands on the device and the network through the modified DNS settings.

[Read: A look into the most noteworthy home network security threats of 2017]

GPON is a passive optical network commonly used in fiber routers for the hi-speed internet connection it affords users and all connected devices through fiber optics. The ISPs provide the routers to their subscribers and are usually assigned default usernames and passwords. This makes it easier for hackers to hijack the firmware and add the router to botnets, perform man-in-the-middle attacks, or steal information to use for other digital extortion and cyberespionage purposes.

[Protecting home networks: Start by securing the router]

South Korean company Dasan Networks manufactured the said routers, but could not be reached. According to a local publication in 2016, the company is the world’s sixth largest GPON router provider and available in more than 60 countries. Threat actors have been known to target the company's devices in the past — likely because the company was said to have ignored some disclosed vulnerabilities found in their products.

[Read: Our exposed world – How exposures translate into attacks]

Router vulnerabilities are not new, and more flaws are being discovered as home and work networks blur the lines of when the business tasks end and begin. As more people adopt a growing arsenal of IoT devices for efficiency and increased productivity, it has become more important to secure the gateway from threats. Here are a few ways to protect your routers and devices from these threats:

  • Familiarize yourself with the features of your router. Update and download patches for software regularly
  • Check your router’s DNS settings to see if they’ve been tampered with
  • Enable your router’s built-in firewall, and encrypt wireless connections
  • Change default credentials and use more complicated passwords

[Read: Home routers: Mitigating attacks that can turn them into zombies]

Trend Micro proactively adapts to the needs of these technological times. Make sure you have maximum protection with XGen™ security for all your devices. A connected and smart home needs a smarter internet security, and XGen™ ensures that your digital life runs undisturbed, with your files and data safe from malicious apps and threats, and our continuous 24/7 technical support and services available for issues and installation assistance.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.