CVE-2019-9974

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
11/04/2019
Last modified:
24/08/2020

Description

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:dasannetworks:h660rm_firmware:1.03-0022:*:*:*:*:*:*:*
cpe:2.3:h:dasannetworks:h660rm:-:*:*:*:*:*:*:*