CVE-2017-18046
NONE EPSS 91.4%
Published Jan 21, 2018 (8y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121, 2.77p1-1124, and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi).
Threat Intelligence
EPSS Exploit Probability
91.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| dasannetworks | h640x_firmware | 2.77p1-1124 | any |
| dasannetworks | h640x_firmware | 3.03p2-1146 | any |
| dasannetworks | h640x_firmware | 12.02-01121 | any |
| dasannetworks | h640x | * | any |
References 3
- blogs.securiteam.com https://blogs.securiteam.com/index.php/archives/3552
- pastebin.com https://pastebin.com/Yxd9S46A
- twitter.com https://twitter.com/ankit_anubhav/status/982261670394249216
Remediation
No remediation data recorded yet.
Check vendor advisories and the NVD entry for patch availability.