https://www.tenable.com/security/research/tra-2019-09

An issue was discovered in GPON ONT Home Gateway web administration interface. A remote command execution vulnerability exists in /GponForm/device_Form?script/ component due to insufficient input validation. An authenticated, remote attacker can exploit this to escalate their permissions level and execute arbitrary commands with root privileges.

Note that Nessus has authenticated to GPON Home Gateway web interface by using supplied credentials or utilized an authentication bypass (CVE-2018-10561) issue in order to exploit this vulnerability.

CVE-2019-3920

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins