GPON Router Vulnerability Antidote
A few days ago, we released details of two unpatched critical authentication bypass and root-RCE vulnerabilities we found on very widespread GPON Routers. The vulnerabilities, as we outlined, affects over a million users and is easily accessible through sites like Shodan and ZoomEye.
Shortly after our initial discovery, we contacted the responsible parties. Unfortunately, a patch was not available, and it didn’t seem to be in development either. So, we released the details to inform the affected users of the risks involved in using these modems.
However, we noticed (thanks to 360 Netlab) that attackers began exploiting both these vulnerabilities (CVE-2018-10561 & CVE-2018-10562) to add the affected devices and their networks into their botnets. To prevent more attacks, we took matters into our hands. We are releasing a user-friendly patch below.
All you have to do is input your infected router IP (it can be a local LAN address — it doesn’t have to be WAN) and a new password where you can access your router via LAN only SSH/Telnet, and our script will execute the patch.
Notice: By pressing “Patch”, you will execute the script yourself on the provided IP (whether local or WAN connected), since we use a client-side patch your browser will initiate.
Original report: GPON Router Critical Vulnerability Report – https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router/
VPN Leak Found – https://www.vpnmentor.com/blog/vpn-leaks-found-3-major-vpns-3-tested/
LG Vulnerability – https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
This patch was not created by the official company and is not guaranteed. It was created to help mitigate the vulnerabilities until an official patch is released. Therefore, any issues or problems that might be caused by the use of this tool is not our responsibility, and we advise you to use it at your own risk. This tool disables the web server in a way that is not easy to reverse, it can be done with another patch script, but if you are not comfortable with the command line we suggest firewalling your device until an official patch is released.
Notice that we don’t store any data that the user might input. You can verify this claim by inspecting the code on the page.
P.S: Your router’s web interface will not be accessible from the browser (so it will not be exploited) after you run this.
- Navigate to https://router-ip-address (Make sure its HTTPS)
- Click on “Advanced” (on Chrome) and click on “Proceed”
- Continue to the vpnMentor patch below and input the router IP and port like https://router-ip-address (add https)
- Click on. “Run Patch”
- Wait a few seconds. and your device is patched (You will see a confirmation message with red font on black background).