Unauthenticated Remote Ping and DoS Vulnerability in DASAN H660RM GPON Routers
CVE-2019-9974 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:P
diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.
Learn more about our Web Application Penetration Testing UK.