Unauthenticated Remote Ping and DoS Vulnerability in DASAN H660RM GPON Routers

Unauthenticated Remote Ping and DoS Vulnerability in DASAN H660RM GPON Routers

CVE-2019-9974 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:P

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.

Learn more about our Web Application Penetration Testing UK.