{"vulnerability": "CVE-2018-10561", "sightings": [{"uuid": "3528c1c5-48ef-49d8-9092-9131bba74fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/5af412ea-4254-4668-b1ea-44bc950d210f", "content": "", "creation_timestamp": "2018-05-10T10:42:33.000000Z"}, {"uuid": "7aeb819f-bd28-47e4-a2dd-e8fea5740b5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/5b2774da-6bb4-46c0-8483-43e102de0b81", "content": "", "creation_timestamp": "2018-06-18T09:04:01.000000Z"}, {"uuid": "782a8c88-6a09-4250-85cc-1202b452f700", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/5c4b3fba-ce3c-414d-931e-631a0a021402", "content": "", "creation_timestamp": "2019-01-25T17:02:02.000000Z"}, {"uuid": "4223a5f3-fe59-4a6a-aa0f-da1107a1af27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/e80c199a-f180-4893-b1bd-1327634b6489", "content": "", "creation_timestamp": "2020-10-09T14:01:52.000000Z"}, {"uuid": "7a56d8a8-f983-4e30-b605-15234db15cd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/c25ea0f0-f1fc-4399-b3c8-4fab2c198ab8", "content": "", "creation_timestamp": "2020-10-09T16:07:56.000000Z"}, {"uuid": "d9571bcf-2c57-4f08-bf33-ccef24eaee9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/b909d469-014d-4c2b-a989-4618f5a3a92b", "content": "", "creation_timestamp": "2020-10-16T03:00:22.000000Z"}, {"uuid": "9575f0a3-cd5b-40b7-9f6e-827e4099a36e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/21dd0f2e-2c59-4a65-8c1c-8f302fb4b8ef", "content": "", "creation_timestamp": "2020-10-09T16:17:35.000000Z"}, {"uuid": "fe667fdc-f681-48d4-bc14-31ac2f34a8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/e6fe42d5-2d65-4430-a1f1-dc057b94d89e", "content": "", "creation_timestamp": "2020-10-09T13:23:54.000000Z"}, {"uuid": "6e2ca824-43a8-4ff5-bcdb-aefb973282ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/ce9cb064-d7a4-4346-884a-33c21edc4ba8", "content": "", "creation_timestamp": "2020-10-09T15:48:41.000000Z"}, {"uuid": "7aaa0478-c6c0-4893-a94e-2814bf8f60cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/164b7866-4260-4b1b-9319-68b8190787af", "content": "", "creation_timestamp": "2020-10-09T16:20:31.000000Z"}, {"uuid": "3511f9b8-5948-4197-b9a7-6d784b40889b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/04dd7a1c-02c9-4f15-81cc-8b0d1e6f507a", "content": "", "creation_timestamp": "2020-10-09T16:20:30.000000Z"}, {"uuid": "bc2edf3d-ac13-49f2-a2c5-ff123a8df98a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "a3c2db1c-61ad-4413-80e2-5b15fc8ea007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/33beee3d-3ddf-4ffb-9344-1ea4a0bd96ba", "content": "", "creation_timestamp": "2024-03-26T20:40:18.000000Z"}, {"uuid": "90e6b474-541e-4685-ba40-8ec230f75eff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/2ae53d86-6f5e-4298-a7dc-d0c3e181fbb5", "content": "", "creation_timestamp": "2024-02-07T13:40:03.000000Z"}, {"uuid": "64ec08eb-fff7-4101-a8d1-980b6bc59bb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/be582764-8dc4-434a-a5f8-00d88dfc78b4", "content": "", "creation_timestamp": "2024-04-18T14:48:16.000000Z"}, {"uuid": "61b70c31-0e79-40e8-bdaa-fcd03664e837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971487", "content": "", "creation_timestamp": "2024-12-24T20:30:01.847344Z"}, {"uuid": "023f0d60-7b7b-4fe1-9793-4fd7ed7c0761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971488", "content": "", "creation_timestamp": "2024-12-24T20:30:02.887843Z"}, {"uuid": "4501a235-92d0-4eee-ae49-2216261b84d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a", "content": "", "creation_timestamp": "2025-10-14T10:31:48.000000Z"}, {"uuid": "e4b993db-425b-4c78-a3f0-84797f9a6706", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:18.000000Z"}, {"uuid": "d262e0be-478e-43e8-a0d2-f5e50ffc8d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "https://t.me/arpsyndicate/1071", "content": "#ExploitObserverAlert\n\nCVE-2018-10561\n\nDESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-10561. An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending \"?images\" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or /GponForm/diag_FORM?images/ URI. One can then manage the device.\n\nFIRST-EPSS: 0.971660000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T00:39:03.000000Z"}, {"uuid": "2c27d7c3-6d52-41ef-b572-1c5c6a9ce0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "published-proof-of-concept", "source": "Telegram/nhD0ygkEECH7CpEpJkVgN8TitJ3JXbkvP51Wkb0QPmNUT8Ps", "content": "", "creation_timestamp": "2025-02-06T02:39:18.000000Z"}, {"uuid": "8d13db5a-4acd-48b3-906a-0a733fe311c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-10561", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3cefdbf0-e812-436f-90a2-c1cf01822506", "content": "", "creation_timestamp": "2026-02-02T12:27:54.905201Z"}, {"uuid": "741f1d88-9a5f-40f4-81d1-93c8fb25d70c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/107", "content": "#Analytics\n25 vulnerabilities/exploits used by IoT Botnet (Mirai, Qbot, Gafygt etc.)\n1. CVE-2015-2280: AirLink101 IPCam 1620W OS CI\n2. CVE-2017-17215: Huawei Router HG532 Arbitrary Command Execution\n3. CVE-2018-10561, CVE-2018-10562 - GPON Routers Auth Bypass/Command Injection\n4. CVE-2018-14417: SoftNAS Cloud <4.0.3 OS CI\n5. CVE-2014-8361: Realtek SDK Miniigd UPnP SOAP Command Execution\n6. CVE-2017-5638: Apache Struts 2.x RCE\n7. CVE-2018-9866: SonicWall SMS RCE\n8. CVE-2017-6884: Zyxel EMG2926 OS CI\n9. CVE-2015-2051: HNAP SoapAction Header Command Execution\n10. CVE-2008-4873: Sepal SPBOARD 4.5 - \"board.cgi\" RCE\n11. CVE-2016-6277: NETGEAR R7000 - CI\n12. D-Link DSL-2750B - OS CI\n13. CAM Wireless IP Camera - Unauth RCE\n14. Eir D1000 Wireless Router - WAN Side RCI\n15. TUTOS 1.3 \"cmd.php\" RCE\n16. WP Plugin DZS-VideoGallery - CSS/CI\n17. Netgear DGN1000 - Setup.cgi RCE\n18. Web Attack (CCTV-DVR RCE)\n19. MVPower DVR TV-7104HE - Shell Command Execution\n20. Vacron NVR RCE\n21. Linksys E-series - RCE\n22. D-Link command.php RCE\n23. EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - RCE\n24. AVTech IP Camera/NVR/DVR Devices - Multiple Vulns\n25. NetGain \"ping\" Command Injection", "creation_timestamp": "2024-10-11T09:08:41.000000Z"}, {"uuid": "ac73174b-3369-4529-bfec-3972a8276c81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/3739", "content": "EE |  GPON Home Routers Exploit CVE-2018-10561  | https://github.com/f3d0x0/GPON", "creation_timestamp": "2018-05-10T16:08:26.000000Z"}, {"uuid": "5a726f97-79a1-46e8-9bab-b8c1efd57f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1902", "content": "#Analytics\nTop-10 exploited vulnerabilities in January-July 2020:\n1. MVPower DVR Remote Code Execution*\n2. Dasan GPON Router Authentication Bypass (CVE-2018-10561)*\n3. OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346)\u00a0\n4. HTTP Headers Remote Code Execution (CVE-2020-13756)*\n5. Arbitrary code execution vulnerability in Citrix VPN (CVE-2019-19781)*\n6. Draytek Vigor Command Injection (CVE-2020-8515)*\n7. Command Injection Over HTTP Payload\n8. SQL Injection (several techniques)\n9. RCE on MS Exchange Server (CVE-2020-0688)*\n10. Web Server Exposed Git Repository Information Disclosure\n\n* - Description/PoC available on Cybersecurity Technologies channel ...", "creation_timestamp": "2020-12-18T17:23:40.000000Z"}, {"uuid": "b0b4d8bd-19a3-43be-85e5-3d44dceca0ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/52", "content": "#exploit\nRCE on GPON home routers\n\n1. CVE-2018-10562:\nRCE on GPON home routers\nhttps://github.com/nixawk/labs/tree/master/CVE-2018-10562\n]-> https://github.com/ATpiu/CVE-2018-10562\n\n2. Exploit for CVE-2018-10561:\nhttps://github.com/threat9/routersploit/pull/394/files", "creation_timestamp": "2024-09-23T10:37:58.000000Z"}, {"uuid": "58fe8cb8-394b-491b-8393-48cce37cc871", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-10561", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}]}