CVE-2017-18046 — CRITICAL (9.8)

Vulnerability Description

Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dasannetworks	H640X Firmware	2.77p1-1124
Dasannetworks	H640X	-

Related Weaknesses (CWE)

CWE-119

References

https://blogs.securiteam.com/index.php/archives/3552ExploitThird Party Advisory
https://pastebin.com/Yxd9S46A
https://twitter.com/ankit_anubhav/status/982261670394249216
https://blogs.securiteam.com/index.php/archives/3552ExploitThird Party Advisory
https://pastebin.com/Yxd9S46A
https://twitter.com/ankit_anubhav/status/982261670394249216

FAQ

What is CVE-2017-18046?

CVE-2017-18046 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action functi...

How severe is CVE-2017-18046?

CVE-2017-18046 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-18046?

Check the references section above for vendor advisories and patch information. Affected products include: Dasannetworks H640X Firmware, Dasannetworks H640X.