Vulnerabilities Affecting Over One Million Dasan GPON Routers Are Now Under Attack
(May 4, 2018)
An authentication bypass vulnerability (CVE-2018-10561) and a remote code execution vulnerability (CVE-2018-10562) affecting Dasan Gigabit Passive Optical Network (GPON) routers are being actively exploited, according to Qihoo 360 Netlab researchers. The attacks began on May, several days after an anonymous researcher published details of both vulnerabilities. The same researcher reported finding over one million vulnerable services via the internet scanning tool Shodan.
Recommendation: Ensure that your server is always running the most current software version. Additionally, maintaining secure passwords for RDP and other remote access systems is paramount. Intrusion detection systems and intrusion prevention systems can also assist in identifying and preventing attacks against your company's network. Furthermore, always practice Defense in Depth (do not rely on single security mechanisms - security measures should be layered, redundant, and failsafe). In the case of ransomware infection, the affected systems should be wiped and reformatted, even if the ransom is paid. Other machines on the same network should be scanned for other potential infections.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.