GPON·ÓÉÆ÷ÑϳÁ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-03-04

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-3917£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3918£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3919£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º×ÔÆÀ10£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3920£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º×ÔÆÀ10£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3921£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-3922£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


DASAN Networks GPON Home Gateway


·ì϶¸ÅÊö


Tenable×êÑÐÔ±Artem MetlaÔÚŵ»ùÑÇ£¨°¢¶û¿¨ÌØÀÊѶ£©I-240W-Q GPON·ÓÉÆ÷£¨CVE-2019-3917£¬CVE-2019-3918£¬CVE-2019-3919£¬CVE-2019-3920£¬CVE-2019-3921£¬CVE-2019-3922£©Öз¢ÏÖÁËÁù¸ö·ì϶ ¡£ ÕâЩ·ì϶Ô̺¬¿ÉÔ¶³Ì½Ó¼ûµÄºóÃÅ£¬Ó²±àÂëÍ´´¦£¬ºÅÁî×¢ÈëºÍ²Ö¿â»º³åÇøÒç³ö ¡£


·ì϶ÑéÖ¤


CVE-2019-3917£ºGPON·ÓÉÆ÷´æÔÚÔ¶³ÌδÈÏÖ¤ÆôÓÃ/½ûÓÃTelnet ·þÎñ·ì϶£¬¹¥»÷Õß¿ÉÀûÓø÷ì϶ÔÚδÈÏÖ¤µÄÇé¿öÏÂÆôÓÃ/½ûÓÃTelnet·þÎñ ¡£


curl http://[router ip]/otd


CVE-2019-3918£ºGPON·ÓÉÆ÷´æÔÚÓ²±àÂëƾ֤·ì϶£¬¹¥»÷Õß¿ÉÀûÓø÷ì϶»ñÈ¡µÇ¼Õ˺ÅÃÜÂë ¡£ÓйصÄÓ²±àÂëÕʺţº


root/admin (telnet)

root/huigu309 (telnet)

CRAFTSPERSON/ALC#FGU (telnet)

ONTUSER/SUGAR2A041 (ssh)


CVE-2019-3919¡¢CVE-2019-3920£ºGPON·ÓÉÆ÷´æÔÚÔ¶³ÌºÅÁîÖ´Ðзì϶£¬¹¥»÷Õß¿ÉÀûÓø÷ì϶ִÐÐËÁÒâºÅÁî ¡£´æÔÚºÅÁî×¢ÈëµÄusb_partition²ÎÊý£º


 /GponForm/usb_restore_Form?script/ 

/GponForm/device_Form?script/ 


CVE-2019-3921£ºGPON·ÓÉÆ÷´æÔÚÈÏÖ¤Õ»Òç¶Âí½Å£¬¹¥»÷Õß¿ÉÀûÓø÷ì϶µ¼Ö·þÎñÆ÷±ÀÀ£ ¡£


/GponForm/usb_Form?script/. 


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


CVE-2019-3922£ºGPON·ÓÉÆ÷´æÔÚδÈÏÖ¤Õ»Òç¶Âí½Å£¬¹¥»÷Õß¿ÉÀûÓø÷ì϶µ¼Ö·þÎñÆ÷±ÀÀ£ ¡£


/GponForm/fsetup_Form


±¦ÔËÀ³¡¤(ÖйúÇø)×îйٷ½ÍøÕ¾


EXP£ºhttps://github.com/tenable/poc/blob/master/gpon/nokia_a-l_i-240w-q/gpon_poc_cve-2019-3921.py 


½¨¸´½¨Òé


³§ÉÌÉÐδÌṩ·ì϶½¨¸´¹æ»®£¬Çë¹Ø×¢³§ÉÌÖ÷Ò³¸üУº http://www.dasannetworks.com 


²Î¿¼Á´½Ó


https://www.tenable.com/blog/tenable-research-discovers-remote-code-execution-vulnerabilities-in-gpon-routers

https://www.tenable.com/security/research/tra-2019-09